PT-2024-6823 · Oracle · Oracle Weblogic Server

Markus Wulftange, +7

Published: 2024-10-15
Updated: 2026-06-02

CVE-2024-21216

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0

Description: The vulnerability is in the Core component of Oracle WebLogic Server, a product of Oracle Fusion Middleware. It allows an unauthenticated attacker with network access via T3 or IIOP to compromise Oracle WebLogic Server; successful exploitation results in takeover of the server. An estimated 18,000 services are potentially affected. The vulnerability is exploited by sending specially crafted network packets, which gives the attacker full access to the vulnerable software.

Recommendations: For Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, update to a newer version to mitigate the risk. As a temporary workaround, restrict access to the T3 and IIOP protocols to minimize the risk of exploitation.

Fix · Missing Authorization · RCE

Weakness Enumeration

Related Identifiers: BDU:2024-08042, CVE-2024-21216

Affected Products: Oracle WebLogic Server