| Check Point Reference: |
CPAI-2024-0082 |
| Date Published: |
12 Mar 2024 |
| Severity: |
Critical
|
| Last Updated: |
Tuesday 12 March, 2024 |
| Source: |
|
| Industry Reference: | CVE-2024-20931
|
| Protection Provided by: |
Security Gateway
R81, R80, R77, R75 |
| Who is Vulnerable? | Oracle WebLogic Server 12.2.1.4.0
Oracle WebLogic Server 14.1.1.0.0 |
| Vulnerability Description |
An information disclosure vulnerability exists in Oracle WebLogic Server. This vulnerability is due to improper handling user supplied data in AQjmsInitialContextFactory class leading to an JNDI injection.Successful exploitation results in the target server performing a JNDI lookup to an attacker controlled server, and in the worst case execution of arbitrary code under the security context of the affected service. |
Vulmon