CVE-2023-21837
First published: Wed Jan 18 2023(Updated: )
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =12.2.1.3.0 | |
| Oracle WebLogic Server | =12.2.1.4.0 | |
| Oracle WebLogic Server | =14.1.1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Oracle WebLogic Server vulnerability?
The vulnerability ID of this Oracle WebLogic Server vulnerability is CVE-2023-21837.
What component of Oracle Fusion Middleware is affected by this vulnerability?
This vulnerability affects the Core component of Oracle Fusion Middleware.
Which versions of Oracle WebLogic Server are affected by this vulnerability?
This vulnerability affects versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 of Oracle WebLogic Server.
Is this vulnerability easily exploitable?
Yes, this vulnerability is easily exploitable.
How can an attacker exploit this vulnerability?
An unauthenticated attacker with network access via IIOP can exploit this vulnerability to compromise Oracle WebLogic Server.
What is the severity rating of this Oracle WebLogic Server vulnerability?
The severity rating of this Oracle WebLogic Server vulnerability is high, with a severity value of 7.5.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability in the Oracle Security Advisory at https://www.oracle.com/security-alerts/cpujan2023.html.
- collector/nvd-index
- vendor/oracle
- product/weblogic server
- canonical/oracle weblogic server