298 matches found
CVE-2022-21441
CVE-2022-21441 pertains to Oracle WebLogic Server (Fusion Middleware, Core). Affected are WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The flaw allows an unauthenticated, network-accessible attacker via T3/IIOP to cause the server to hang or crash (DoS). Root cause is described...
The vulnerability of the Core server component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to read, modify, or delete data, or to cause a service failure.
The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data, or to cause a service failure using t...
t3-it.de Improper Access Control vulnerability OBB-2402493
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-21353
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogi...
CVE-2022-21306
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...
Design/Logic Flaw
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...
CVE-2022-21350
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...
PT-2022-2151 · Oracle · Oracle Weblogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.1.3.0.0 through 14.1.1.0.0 Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via the...
Oracle WebLogic Server Multiple Vulnerabilities (Oct 2021 CPU)
The 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...
Oracle Fusion Middleware和Oracle WebLogic Server 输入验证错误漏洞
Oracle Fusion Middleware Oracle Fusion Middleware and Oracle WebLogic Server are both products of Oracle Corporation.Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, etc. Oracle WebLogic Serve...
Unspecified Vulnerability in Oracle Fusion Middleware (CNVD-2021-59241)
Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. Oracle Fusion Middleware has a security vulnerability that can be exploited...
CVE-2021-2428
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise...
Design/Logic Flaw
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...
Code injection
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
CVE-2021-2394
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...
The vulnerability of the Core server component of Oracle WebLogic Server allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Core server component of Oracle WebLogic Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information through the use of IIOP and...
CVE-2021-2211
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP ...
Oracle Business Intelligence T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can...
Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle WebLogic Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can...
weblogic T3反序列化漏洞
...