CVE-2023-21996: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in Oracle WebLogic Server's Web Services component affects versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server, potentially resulting in a complete denial of service (DoS). The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5, indicating HIGH severity (Oracle Advisory).

The vulnerability (CVE-2023-21996) is characterized by its network attack vector (AV:N), low attack complexity (AC:L), and requires no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Oracle Advisory).

Successful exploitation can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DoS) of Oracle WebLogic Server. This can significantly impact the availability of affected systems (Oracle Advisory).

Oracle has released patches for affected versions (12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0) as part of the April 2023 Critical Patch Update. Organizations are strongly advised to apply these security patches without delay to address the vulnerability (Oracle Advisory).