CVE-2021-2142: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console) affects version 10.3.6.0.0. This vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. The vulnerability requires human interaction from a person other than the attacker and while it exists in Oracle WebLogic Server, attacks may significantly impact additional products (Oracle Advisory, NVD).

The vulnerability has a CVSS 3.1 Base Score of 6.1 (Confidentiality and Integrity impacts) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This indicates network vector access, low attack complexity, no privileges required, and user interaction required. The scope is changed, with low impacts to both confidentiality and integrity, but no impact to availability (Oracle Advisory).

Successful exploitation can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data (Oracle Advisory).

Oracle released patches for this vulnerability as part of the April 2021 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible (Oracle Advisory).