CVE-2017-10123
First published: Tue Aug 08 2017(Updated: )
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =12.1.3.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-10123?
CVE-2017-10123 is rated as a critical severity vulnerability that allows remote code execution.
How do I fix CVE-2017-10123?
To fix CVE-2017-10123, update Oracle WebLogic Server to the latest version provided by Oracle.
Who is affected by CVE-2017-10123?
CVE-2017-10123 affects Oracle WebLogic Server version 12.1.3.0.0.
What can an attacker do with CVE-2017-10123?
An attacker exploiting CVE-2017-10123 can execute arbitrary code on the Oracle WebLogic Server.
Is CVE-2017-10123 easy to exploit?
Yes, CVE-2017-10123 is considered easily exploitable with low privileges over HTTP.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle weblogic server
- version/oracle weblogic server/12.1.3.0.0