CVE-2023-21841: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The vulnerability affects versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 or IIOP protocols to compromise Oracle WebLogic Server (Oracle CPU Jan 2023).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires no user interaction (UI:N), has unchanged scope (S:U), and can result in high confidentiality impact (C:H) with no impact on integrity (I:N) or availability (A:N) (Oracle CPU Jan 2023).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. The vulnerability primarily affects the confidentiality of the system, with no direct impact on system integrity or availability (Oracle CPU Jan 2023).

Oracle strongly recommends that customers apply the Critical Patch Update security patches as soon as possible. The patches are available through Oracle's Critical Patch Update program and are provided for product versions covered under Premier Support or Extended Support phases of the Lifetime Support Policy (Oracle CPU Jan 2023).

The vulnerability was discovered and reported by Liboheng of Tophant Starlight laboratory (Oracle CPU Jan 2023).