CVE-2021-2214

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0

Description The issue exists due to insufficient input validation, allowing a remote attacker to disclose protected information via HTTP requests. A difficult to exploit vulnerability allows a high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

Recommendations For versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, consider restricting access to the Console component via HTTP to minimize the risk of exploitation. As a temporary workaround, consider disabling HTTP requests to the Oracle WebLogic Server until a patch is available. Restrict network access to the Oracle WebLogic Server to minimize the risk of exploitation by high privileged attackers.