CVE-2022-21258: 
Oracle WebLogic Server vulnerability analysis and mitigation

A vulnerability has been identified in Oracle WebLogic Server's Samples component, tracked as CVE-2022-21258. The affected version is 14.1.1.0.0. This vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server, requiring human interaction from a person other than the attacker (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.1 (Confidentiality and Integrity impacts) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability is network-exploitable, requires low attack complexity, needs no privileges, but does require user interaction. The scope is changed, with low impacts to both confidentiality and integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. While the vulnerability exists in Oracle WebLogic Server, attacks may significantly impact additional products (Oracle Advisory).

Oracle has released patches to address this vulnerability as part of the January 2022 Critical Patch Update. It is strongly recommended that customers apply the security patches as soon as possible (Oracle Advisory).