7.5
CVSSv3

CVE-2024-21182

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: NA | VMScore: 850 | EPSS: 0.00043 | KEV: Not Included
Published: 16/07/2024 Updated: 21/11/2024

Vulnerability Summary

Unauthenticated Data Compromise in Oracle WebLogic Server (CVSS 7.5)

A vulnerability exists in Oracle WebLogic Server, part of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.1.0.0. This flaw can be exploited easily. An unauthenticated attacker with network access via T3 or IIOP can use it to compromise Oracle WebLogic Server. If the attack is successful, unauthorized users can access critical data or all data the server has. The vulnerability has a CVSS 3.1 Base Score of 7.5, indicating high confidentiality impacts. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle corporation weblogic server

oracle weblogic server 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

Github Repositories

Hi there 👋 CVE-2024-21182 : Oracle Critical Patch Update Advisory - July 2024 CVE-2024-21216 : Oracle Critical Patch Update Advisory - October 2024 CVE-2024-42323 : Apache HertzBeat: RCE by snakeYaml deser load malicious xml CVE-2024-45505 : Apache HertzBeat (incubating): Exists Native Deser RCE and file writing vulnerabilities