CVE-2022-21616

MEDIUM 5.2

CVSS Score

5.2

EPSS Score

0.0%

EPSS Percentile

0th

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H).

Vendor	oracle corporation
Product	weblogic server
Published	Oct 18, 2022
Last Updated	Sep 24, 2024

Stay Ahead of the Next One

Get instant alerts for oracle corporation weblogic server

Be the first to know when new medium vulnerabilities affecting oracle corporation weblogic server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Affected Versions

Oracle Corporation / WebLogic Server

12.2.1.3.0 12.2.1.4.0 14.1.1.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

oracle.com: https://www.oracle.com/security-alerts/cpuoct2022.html