First published: Tue Oct 17 2023(Updated: )
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle WebLogic Server | =12.2.1.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2023-22072.
The affected software for this vulnerability is Oracle WebLogic Server version 12.2.1.3.0.
The severity of CVE-2023-22072 is critical with a CVSS score of 9.8.
An attacker can exploit CVE-2023-22072 by using T3 or IIOP protocols to gain unauthenticated access and compromise the Oracle WebLogic Server.
You can find more information about CVE-2023-22072 on the Oracle Security Alerts page: https://www.oracle.com/security-alerts/cpuoct2023.html