Vulnerability DatabaseCVE-2023-22031

CVE-2023-22031:
Oracle WebLogic Server vulnerability analysis and mitigation

Overview

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 12.2.1.4.0. This vulnerability allows high privileged attacker with network access via T3, IIOP to compromise Oracle WebLogic Server (Oracle CPU Jul 2023).

Technical details

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.4 (Availability impacts) with the vector string: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability is difficult to exploit and requires high privileges. The attack vector is network-based, specifically through T3 and IIOP protocols (NVD).

Impact

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server (Oracle CPU Jul 2023).

Mitigation and workarounds

Oracle has released patches to address this vulnerability as part of the July 2023 Critical Patch Update. It is strongly recommended that customers apply the security patches as soon as possible (Oracle CPU Jul 2023).

Community reactions

The vulnerability was reported to Oracle by security researchers 4ra1n and bluE0, who were acknowledged in Oracle's Critical Patch Update Advisory (Oracle CPU Jul 2023).