Lucene search
K

298 matches found

CVE
CVE
added 2022/04/19 8:37 p.m.126 views

CVE-2022-21441

CVE-2022-21441 pertains to Oracle WebLogic Server (Fusion Middleware, Core). Affected are WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The flaw allows an unauthenticated, network-accessible attacker via T3/IIOP to cause the server to hang or crash (DoS). Root cause is described...

7.5CVSS7.7AI score0.01303EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/11 12:0 a.m.7 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to read, modify, or delete data, or to cause a service failure.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data, or to cause a service failure using t...

6.5CVSS6.8AI score0.01222EPSS
Exploits0References4Affected Software1
Openbugbounty
Openbugbounty
added 2022/03/04 6:46 a.m.17 views

t3-it.de Improper Access Control vulnerability OBB-2402493

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1AI score
Exploits0
OSV
OSV
added 2022/01/19 12:15 p.m.3 views

CVE-2022-21353

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogi...

6.5CVSS6.7AI score0.01222EPSS
Exploits0References1
OSV
OSV
added 2022/01/19 12:15 p.m.5 views

CVE-2022-21306

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...

9.8CVSS6.8AI score0.04141EPSS
Exploits0References1
Prion
Prion
added 2022/01/19 12:15 p.m.19 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...

7.5CVSS9.2AI score0.04141EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/19 11:25 a.m.22 views

CVE-2022-21350

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...

6.5CVSS6.1AI score0.03618EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/01/18 12:0 a.m.5 views

PT-2022-2151 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.1.3.0.0 through 14.1.1.0.0 Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via the...

10CVSS7AI score0.04141EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2021/11/01 12:0 a.m.605 views

Oracle WebLogic Server Multiple Vulnerabilities (Oct 2021 CPU)

The 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...

9.8CVSS6.8AI score0.99019EPSS
Exploits9References11
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.4 views

Oracle Fusion Middleware和Oracle WebLogic Server 输入验证错误漏洞

Oracle Fusion Middleware Oracle Fusion Middleware and Oracle WebLogic Server are both products of Oracle Corporation.Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, etc. Oracle WebLogic Serve...

7.5CVSS7.7AI score0.01446EPSS
Exploits0References5
CNVD
CNVD
added 2021/07/23 12:0 a.m.28 views

Unspecified Vulnerability in Oracle Fusion Middleware (CNVD-2021-59241)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. Oracle Fusion Middleware has a security vulnerability that can be exploited...

7.5CVSS7.5AI score0.01834EPSS
Exploits0References1
OSV
OSV
added 2021/07/21 3:16 p.m.4 views

CVE-2021-2428

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise...

8.1CVSS5.8AI score0.01561EPSS
Exploits0References1
Prion
Prion
added 2021/07/21 3:15 p.m.26 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...

7.5CVSS9.3AI score0.01626EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/07/21 3:15 p.m.23 views

Code injection

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

5CVSS7.4AI score0.01834EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/20 10:44 p.m.36 views

CVE-2021-2394

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...

9.8CVSS9.5AI score0.76567EPSS
Exploits3References1
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.7 views

The vulnerability of the Core server component of Oracle WebLogic Server allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Core server component of Oracle WebLogic Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information through the use of IIOP and...

10CVSS7.4AI score0.0224EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/04/22 9:53 p.m.23 views

CVE-2021-2211

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP ...

5.9CVSS6.6AI score0.02408EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2021/04/22 12:0 a.m.35 views

Oracle Business Intelligence T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can...

9.8CVSS4.4AI score0.05667EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2021/04/22 12:0 a.m.26 views

Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle WebLogic Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can...

4.9CVSS1.6AI score0.02408EPSS
Exploits0References1
seebug.org
seebug.org
added 2021/04/20 12:0 a.m.21 views

weblogic T3反序列化漏洞

...

0.9AI score
Exploits0
Rows per page
Query Builder