CVE-2024-21215: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) affects versions 12.2.1.4.0 and 14.1.1.0.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. The vulnerability was discovered by Haoran Zhao of Secsys Lab of Fudan University and has a CVSS 3.1 Base Score of 7.5 (Oracle CPU Oct 2024).

The vulnerability has been assigned a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network-based attack vector, low attack complexity, no privileges required, and no user interaction needed. The scope is unchanged, with no impact on confidentiality or integrity, but high impact on availability. Successful exploitation can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server (NVD Database).

The primary impact of successful exploitation is the ability to cause a complete denial of service (DOS) of the Oracle WebLogic Server. This can result in system hangs or frequently repeatable crashes, potentially disrupting business operations and service availability (Oracle CPU Oct 2024).

Oracle has released patches for the affected versions (12.2.1.4.0 and 14.1.1.0.0) as part of the October 2024 Critical Patch Update. Organizations are strongly advised to apply these security patches without delay to protect against potential exploitation (Oracle CPU Oct 2024).