CVE-2023-21931: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability CVE-2023-21931 affects Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The affected versions are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 protocol to compromise Oracle WebLogic Server (Oracle CPUApr2023).

The vulnerability is related to a post deserialization issue via IIOP/T3 protocol. When receiving a request, WebLogic parses incoming data using BasicServerRef's invoke() method, which leads to a chain of calls through various classes including WLContextImpl, WLEventContextImpl, RootNamingNode, ServerNamingNode and BasicNamingNode. The vulnerability specifically involves the LinkRef interface type, where the getLinkName() function returns an attacker-controlled input string that is later used in remote JNDI loading operations. The vulnerability has a CVSS 3.1 Base Score of 7.5 (Confidentiality impacts) with vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) (AttackerKB).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. The vulnerability primarily impacts the confidentiality of the system, with no direct effects on integrity or availability (NVD).

Oracle has released security patches to address this vulnerability in their April 2023 Critical Patch Update. Organizations running affected versions (12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0) of Oracle WebLogic Server should apply these security patches as soon as possible (Oracle CPUApr2023).