Lucene search
K

238 matches found

Qualys Blog
Qualys Blog
added 2021/12/10 7:30 p.m.969 views

CVE-2021-44228: Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell)

Update Take advantage of our free service to quickly detect vulnerabilities in your external attack surface. Visit qualys.com/was-log4shell-help to get started. Update – December 22, 2021 7:53 PM ET A bug in external scanners could result in false negatives when unauthenticated Log4Shell scans we...

9.3CVSS0.6AI score0.99999EPSS
Exploits356
Tenable Nessus
Tenable Nessus
added 2021/11/01 12:0 a.m.605 views

Oracle WebLogic Server Multiple Vulnerabilities (Oct 2021 CPU)

The 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...

9.8CVSS6.8AI score0.99019EPSS
Exploits9References11
Prion
Prion
added 2021/10/20 11:17 a.m.18 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Coherence Container. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP...

7.5CVSS9.2AI score0.02008EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2021/10/20 12:0 a.m.13 views

Oracle Fusion Middleware and Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-33111)

Oracle Fusion Middleware Oracle Fusion Middleware and Oracle WebLogic Server are both products of Oracle Corporation.Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, etc. Oracle WebLogic Serve...

9.8CVSS6.4AI score0.02008EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2021/08/02 4:19 a.m.445 views

Exploit for CVE-2021-2394

CVE-2021-2394 POC for CVE-2021-2394 - Disclaimer - This pr...

10CVSS7.5AI score0.76567EPSS
Exploits5
CNVD
CNVD
added 2021/07/23 12:0 a.m.28 views

Unspecified Vulnerability in Oracle Fusion Middleware (CNVD-2021-59241)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. Oracle Fusion Middleware has a security vulnerability that can be exploited...

7.5CVSS7.5AI score0.01834EPSS
Exploits0References1
OSV
OSV
added 2021/07/21 3:16 p.m.2 views

CVE-2021-2428

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise...

8.1CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2021/07/21 3:15 p.m.25 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...

7.5CVSS9.3AI score0.01626EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/07/21 3:15 p.m.23 views

Code injection

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

5CVSS7.4AI score0.01834EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/20 10:44 p.m.36 views

CVE-2021-2394

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...

9.8CVSS9.5AI score0.76567EPSS
Exploits3References1
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.7 views

The vulnerability of the Core server component of Oracle WebLogic Server allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Core server component of Oracle WebLogic Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information through the use of IIOP and...

10CVSS7.4AI score0.0224EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/04/22 10:15 p.m.21 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise...

7.5CVSS9.3AI score0.0224EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/04/22 9:53 p.m.22 views

CVE-2021-2211

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP ...

5.9CVSS6.6AI score0.02408EPSS
Exploits0References2
CVE
CVE
added 2021/04/22 9:53 p.m.92 views

CVE-2021-2136

CVE-2021-2136 affects Oracle WebLogic Server (Core) in Oracle Fusion Middleware. Affected versions are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. An unauthenticated attacker with network access via IIOP can take over the WebLogic Server, as characterized by a critical CVSSv3.1 rating of 9...

9.8CVSS9.4AI score0.0224EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2021/04/22 9:53 p.m.10 views

CVE-2021-2136

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise...

9.8CVSS7.7AI score0.0224EPSS
Exploits0References1
Gitee
Gitee
added 2021/03/25 3:44 p.m.5 views

Exploit for CVE-2020-2551

描述 在Oracle官方发布的2020年1月关键补丁更新公告CPU(Critical Patch Update)中,公布了一个Weblogic WLS组件IIOP协议中的远程代码执行漏洞(CVE-2020-2551)。 该漏洞可以绕过 Oracle 官方在 2019 年 10 月份发布的最新安全补丁。攻击者可以通过 IIOP 协议远程访问 Weblogic Server 服务器上的远程接口,传入恶意数据,从而获取服务器 权限并在未授权情况下远程执行任意代码。官方给出的CVSS 评分为 9.8。 IIOP 协议以 Java 接口的形式对远程对象进行访问,默认启用,可通过 7001...

9.8CVSS9.5AI score0.93168EPSS
Exploits18
GithubExploit
GithubExploit
added 2021/01/22 7:43 a.m.261 views

Exploit for CVE-2021-2109

CVE-2021-2109: WebLogic Server Remote Code Execution Vulnerabili...

9.8CVSS7.7AI score0.9927EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2021/01/22 12:0 a.m.101 views

Oracle Coherence (Jan 2021 CPU)

The version of the Oracle Coherence installed on the remote host is missing a critical patch update. It is, therefore, affected by a vulnerability, as referenced in the January 2021 CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core Component...

9.8CVSS8.4AI score0.74753EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2021/01/22 12:0 a.m.662 views

Oracle WebLogic Server Multiple Vulnerabilities (Jan 2021 CPU)

The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - An unspecified vulnerability exists in the Core component. An unauthenticated, remote attacker with network access via IIOP, T3 can exploit this...

9.8CVSS7.1AI score0.9927EPSS
Exploits16References16
NVD
NVD
added 2021/01/20 3:15 p.m.23 views

CVE-2021-2108

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core Components. The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server...

9.8CVSS9.5AI score0.03728EPSS
Exploits0References1
Rows per page
Query Builder