First published: Thu Apr 22 2021(Updated: )
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle WebLogic Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can trigger the deserialization of untrusted data. An attacker can leverage this vulnerability to disclose information in the context of the service account.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle WebLogic Server | ||
Oracle WebLogic Server | =10.3.6.0.0 | |
Oracle WebLogic Server | =12.2.1.3.0 | |
Oracle WebLogic Server | =12.2.1.4.0 | |
Oracle WebLogic Server | =14.1.1.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.