CVE-2022-21258

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 14.1.1.0.0

Description The issue exists due to insufficient input validation in a component of Oracle WebLogic Server. Exploitation can allow a remote attacker to impact the confidentiality and integrity of protected information. Successful attacks require human interaction and can result in unauthorized access to some of the server's accessible data, including update, insert, or delete access, as well as unauthorized read access to a subset of the data.

Recommendations For version 14.1.1.0.0, consider restricting access to the vulnerable component until a patch is available. As a temporary workaround, limit network access via HTTP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.