The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to gain full control over the application.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application through the use of network protocols T3 and IIOP...

PT-2023-6206 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server version 12.2.1.3.0 Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via T3, IIOP to compromise...

CVE-2021-2108

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core Components. The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server...

Oracle Fusion Middleware Component Authorization Issues Vulnerability

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collections, and other capabilities.WebLogic Server is one of the application server components for both cloud...

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to execute arbitrary code.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using IIOP and T3 protocols from a remote location...

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to gain full control over the application.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to gain full control over the application using IIOP and T3 protocols...

The vulnerability of the Web Services component of the Oracle WebLogic Server application server allows a perpetrator to gain access to confidential information.

The vulnerability of the Web Services component of Oracle WebLogic Server servers exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to access confidential information using IIOP and T3 protocols...

The vulnerabilities of the Caching components, CacheStore, and the software platform for data processing in Oracle Coherence allow a hacker to gain full control over the application.

The vulnerability of the Caching, CacheStore, and Invocation components of the Oracle Coherence data processing software platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain full control over the application through the IIOP an...

CVE-2020-2883

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...

JBoss/WildFly: iiop does not honour strict transport confidentiality

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections:...

OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA...

OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not comment...

OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...