CVE-2023-22089: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) affects versions 12.2.1.4.0 and 14.1.1.0.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 and IIOP protocols to compromise Oracle WebLogic Server (Oracle CPU Oct 2023).

The vulnerability has been assigned a CVSS Base Score of 9.8 (Critical) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates the vulnerability has high impacts on confidentiality, integrity, and availability. The attack vector is network-based, requires low attack complexity, needs no privileges, and requires no user interaction (Oracle CPU Oct 2023).

Successful exploitation of this vulnerability can result in complete takeover of Oracle WebLogic Server, potentially compromising the confidentiality, integrity, and availability of the system (Oracle CPU Oct 2023).

Oracle has released security patches to address this vulnerability as part of the October 2023 Critical Patch Update. It is strongly recommended that customers apply these security patches as soon as possible. The patches are available for WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 (Oracle CPU Oct 2023).

The vulnerability was reported by security researchers bluE0 and Qing Xu, who were acknowledged in Oracle's Critical Patch Update advisory (Oracle CPU Oct 2023).