Lucene search
+L

17 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:20 a.m.8 views

CVE-2023-21839

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

7.5CVSS6.3AI score0.99811EPSS
Exploits10References1
The Hacker News
The Hacker News
added 2024/06/28 11:59 a.m.76 views

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware...

7.5CVSS7.1AI score0.99993EPSS
Exploits56
The Hacker News
The Hacker News
added 2024/06/04 3:25 a.m.37 views

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 CVSS score: 7.4, the issue concerns an operati...

7.5CVSS8AI score0.99811EPSS
Exploits19
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/05/30 12:0 a.m.39 views

Decoding Water Sigbin's Latest Obfuscation Tricks

Water Sigbin aka the 8220 Gang exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against...

7.5CVSS7.2AI score0.99811EPSS
Exploits19
GithubExploit
GithubExploit
added 2023/12/03 1:45 p.m.313 views

Exploit for Cross-site Scripting in Helpsystems Cobalt_Strike

Gui-poc-test A testing tool for CobaltStrike-RCE:CVE-2022-3919...

7.5CVSS7.6AI score0.99811EPSS
Exploits27
Packet Storm
Packet Storm
added 2023/06/12 12:0 a.m.719 views

Oracle Weblogic PreAuth Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Taken from page 24 of https://docs.oracle.com/cd/E1321101/wle/wle42/corba/giop.pdf NOEXCEPTION = 0 USEREXCEPTION = 1 SYSTEMEXCEPTION = 2...

7.5CVSS7.1AI score0.99811EPSS
Exploits10
GithubExploit
GithubExploit
added 2023/05/29 2:8 a.m.590 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2023-21839-metasploit-scanner Usage git clone https://...

7.5CVSS8AI score0.99811EPSS
Exploits10
Malwarebytes
Malwarebytes
added 2023/05/03 2:30 p.m.69 views

Oracle WebLogic Server vulnerability added to CISA list as “known to be exploited”

On May 1, 2023 the Cybersecurity and Infrastructure Security Agency CISA added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies are obliged to remediate the...

5.1CVSS8AI score0.99999EPSS
Exploits58
The Hacker News
The Hacker News
added 2023/05/02 5:35 a.m.171 views

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three flaws to the Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389 CVSS score: 8.8 - TP-Link Archer AX-21 Command Injection...

10CVSS10.1AI score0.99999EPSS
Exploits374
VulnCheck KEV
VulnCheck KEV
added 2023/05/01 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-21839

Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server...

7.5CVSS7.3AI score0.99811EPSS
Exploits10References1
GithubExploit
GithubExploit
added 2023/04/15 8:57 a.m.667 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2023-21839 Due to special requirements, the GO version of...

7.5CVSS7.2AI score0.99811EPSS
Exploits10
GithubExploit
GithubExploit
added 2023/02/21 4:8 p.m.759 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

WebLogic-CVE-2023-21839 CVE-2023-21839 is a vulnerability cre...

7.5CVSS7.4AI score0.99811EPSS
Exploits10
GithubExploit
GithubExploit
added 2023/02/21 4:8 p.m.416 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

WebLogic-CVE-2023-21839 CVE-2023-21839 is a vulnerability cre...

7.5CVSS7.4AI score0.99811EPSS
Exploits10
Circl
Circl
added 2023/01/29 3:43 p.m.8 views

CVE-2023-21839

creationtimestamp| type| source ---|---|--- 2023-01-29 15:43:57+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/3716 2023-02-22 06:20:02+00:00| published-proof-of-concept| Telegram/rtIvSzNDcGJDjAmNbpFbRjMYLO0j4LkJOjAcfYVbCa7YVw 2023-02-22 08:16:14+00:00| published-proof-of-concept|...

7.5CVSS7.1AI score0.99811EPSS
Exploits10References40
Vulnrichment
Vulnrichment
added 2023/01/17 11:35 p.m.22 views

CVE-2023-21839

...

7.5CVSS7.8AI score0.99811EPSS
Exploits10References2
CVE
CVE
added 2023/01/17 11:35 p.m.807 views

CVE-2023-21839

CVE-2023-21839 affects Oracle WebLogic Server (core) versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. It is exploitable via unauthenticated network access over T3/IIOP and relates to post-deserialization of a ForeignOpaqueReference object, enabling remote code execution as the oracle user. Multip...

7.5CVSS7.5AI score0.99811EPSS
In wildExploits10References3Affected Software1
Cvelist
Cvelist
added 2023/01/17 11:35 p.m.27 views

CVE-2023-21839

...

7.5CVSS7.8AI score0.99811EPSS
Exploits10References2
Rows per page
Query Builder