CVE-2023-21964: 
Oracle WebLogic Server vulnerability analysis and mitigation

A vulnerability has been identified in Oracle WebLogic Server (CVE-2023-21964) affecting versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 protocol to compromise Oracle WebLogic Server (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The technical assessment indicates that the vulnerability is easily exploitable through network access using the T3 protocol, requiring no user interaction or special privileges (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete Denial of Service (DoS) of Oracle WebLogic Server. The vulnerability primarily impacts the availability of the system, with no direct effect on confidentiality or integrity (Oracle Advisory).

Oracle has released patches to address this vulnerability as part of their Critical Patch Update (CPU) in April 2023. Users are strongly advised to update their Oracle WebLogic Server installations to the latest patched versions (Oracle Advisory).