CVE-2023-22086

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:44

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpuoct2023.html - Patch, Vendor Advisory () https://www.oracle.com/security-alerts/cpuoct2023.html - Patch, Vendor Advisory

13 Sep 2024, 17:35

Type Values Removed Values Added
CWE CWE-200

23 Oct 2023, 18:19

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuoct2023.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2023.html - Patch, Vendor Advisory
First Time Oracle weblogic Server
Oracle
CPE cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

17 Oct 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-17 22:15

Updated : 2024-11-21 07:44


NVD link : CVE-2023-22086

Mitre link : CVE-2023-22086

CVE.ORG link : CVE-2023-22086


JSON object : View

Products Affected

oracle

  • weblogic_server
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor