CVE-2024-21183: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) affects versions 12.2.1.4.0 and 14.1.1.0.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 or IIOP protocols to compromise Oracle WebLogic Server (Oracle CPU Jul 2024).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (High) with the vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, and primarily impacts confidentiality (Oracle CPU Jul 2024).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. The vulnerability specifically impacts the confidentiality of the system, with no direct effects on integrity or availability (Oracle CPU Jul 2024).

Oracle strongly recommends that customers apply the Critical Patch Update fixes as soon as possible. The patches are available for Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 through the July 2024 Critical Patch Update (Oracle CPU Jul 2024).

The vulnerability was discovered and reported by security researcher ja00see (Oracle CPU Jul 2024).