
CVE-2017-10137

Published: 08/08/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Vulnerable Product

oracle weblogic server 12.1.3.0.0

oracle weblogic server 10.3.6.0.0

Recent Articles

Solaris, Java have vulns that let users run riot
The Register • Simon Sharwood • 19 Jul 2017

What's big, red and has 308 patches, 30 of them critical? Oracle's quarterly patch dump

Oracle's emitted its quarterly patch dump. As usual it's a whopper, with 308 security fixes to consider. Oracle uses the ten-point Common Vulnerability Scoring System Version 3.0, on which critical bugs score 9.0 or above. The Register counts 30 such bugs in this release. Not all can be laid at Oracle's door. For example, a glibc glitch is hardly Oracle's fault. Nor are the Apache Tomcat and Struts bugs that MySQL users need to squash. But a few others are Big Red boo-boos, such as CVE-2017-3632...