CVE-2024-20931: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) affects versions 12.2.1.4.0 and 14.1.1.0.0. This vulnerability was discovered by Glassy of EagleCloud and disclosed in January 2024 (Oracle CPU).

The vulnerability allows unauthenticated attackers with network access via T3 or IIOP protocols to compromise Oracle WebLogic Server. The vulnerability has a CVSS v3.1 Base Score of 7.5 (High) with the vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability exploits the getReferent function inside weblogic.deployment.jms.ForeignOpaqueReference.class by setting a malicious JNDI url to the environment variable java.naming.provider.url (AttackerKB).

Successful exploitation can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. The vulnerability primarily impacts confidentiality, with no direct impact on integrity or availability (NVD).

Oracle has released patches for affected versions (12.2.1.4.0 and 14.1.1.0.0) in the January 2024 Critical Patch Update. Organizations are strongly recommended to apply these security patches as soon as possible (Oracle CPU).