CVE-2021-2109

Published: 20/01/2021 Updated: 27/01/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product

oracle weblogic server 10.3.6.0.0

oracle weblogic server 12.1.3.0.0

oracle weblogic server 12.2.1.3.0

oracle weblogic server 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

Exploits

Oracle WebLogic Server version 14.1.1.0 authenticated remote code execution exploit ...

Github Repositories

Oracle Weblogic RCE - CVE-2022-2109

oracle-weblogic-CVE-2021-2109 Oracle Weblogic RCE - CVE-2022-2109

weblogic CVE-2021-2109 batch verification PoC

weblogic_CVE-2021-2109_poc weblogic CVE-2021-2109 batch verification PoC. Usage: first download JNDIExploit.jar on another server and run java -jar JNDIExploit.jar -i (ip), then put the IPs to be checked in urls.txt and run the script.

CVE-2021-2109 && Weblogic Server RCE via JNDI

Description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vul

log4j-explain log4j is a logging library that is popular worldwide and is currently used in a great deal of software, including Minecraft, Apple iCloud, Apache, Twitter, Steam, Amazon and Tesla. A JNDI injection vulnerability that allows remote code execution was discovered in log4j. The vulnerability was named log4shell, and log4

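CVE-2021-2109 Weblogic Server remote code execution vulnerability reproduction and analysis. In January 2021 Oracle released a security update containing 329 new security patches across the Oracle product families. The advisory specifically mentions the Oracle WebLogic Server security alert for CVE-2020-14750 released on November 1, 2020. Customers are strongly advised to apply this patch update and the other patches in this advisory. CVE ID CV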

CVE-2021-2109 basic scanner

CVE-2021-2109 CVE-2021-2109 basic scanner. Use it with python3 cve-2021-2109.py URL

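VTI's PoC detection tool

Welcome to Comal. Quick start: before use, be sure to read and agree to the terms in the License file; otherwise do not install or use this tool. -u: PoC test target (required) -p: PoC to use for the test (required) -v: print requests and responses -r: callback IP -proxy: set HTTP proxy -version: show version. Basic usage command (example for a non-callback PoC) \windows_amd64exe -p \CVE-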