PT-2023-6195 · Oracle · Oracle Weblogic Server

Moritz Bechler

Publicado

2023-10-17

Atualizado

2023-10-23

CVE-2023-22101

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0

Description The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing a remote attacker to gain full control over the application using T3 and IIOP network protocols. Successful attacks can result in the takeover of Oracle WebLogic Server.

Recommendations For versions 12.2.1.4.0 and 14.1.1.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the T3 and IIOP protocols until a patch is available.

Correção

Missing Authentication

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306CWE-20

Identificadores relacionados

BDU:2023-06904

CVE-2023-22101

Produtos afetados

Oracle Weblogic Server

PT-2023-6195 · Oracle · Oracle Weblogic Server

CVE-2023-22101

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8