CVE-2023-22072: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) affects version 12.2.1.3.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 or IIOP protocols to completely compromise Oracle WebLogic Server. The vulnerability was discovered by hosch3n of MoreSec Zhuri Lab and was disclosed in Oracle's October 2023 Critical Patch Update (Oracle CPU).

The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 (Critical) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates the vulnerability has network attack vector, low attack complexity, requires no privileges or user interaction, and can impact confidentiality, integrity, and availability at high levels. The vulnerability is related to the Core component of WebLogic Server and can be exploited through T3 and IIOP protocols (Oracle CPU).

Successful exploitation of this vulnerability can result in complete takeover of Oracle WebLogic Server. This means an attacker could potentially gain full control over the affected system, compromising the confidentiality, integrity, and availability of the server and its data (Oracle CPU).

Oracle has released security patches to address this vulnerability as part of the October 2023 Critical Patch Update. Organizations running affected versions of WebLogic Server (12.2.1.3.0) should apply the security patches as soon as possible. Oracle strongly recommends that customers apply Critical Patch Update security patches without delay (Oracle CPU).