CVE-2017-3506

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all Oracle WebLogic Server accessible data, as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. This vulnerability is difficult to exploit and has been added to the CISA KEV catalog due to active exploitation.

Recommendations For versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2, update to a version that is not affected by this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.