cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21274,https://securityvulnerability.io/vulnerability/CVE-2024-21274,Oracle WebLogic Server Vulnerability: Unauthenticated Hang or Crash Possible via HTTP,"An unauthenticated network vulnerability in Oracle WebLogic Server's Console component allows attackers with HTTP access to exploit the system. Successful exploitation can lead to unauthorized actions resulting in the hang or frequent crashing of the server, creating a complete denial of service condition. Affected versions include Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0, which are critical in many enterprise environments.",Oracle,Oracle Weblogic Server,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-10-15T19:52:59.485Z,0
CVE-2024-21260,https://securityvulnerability.io/vulnerability/CVE-2024-21260,Unauthenticated Hang or DOS Vulnerability in Oracle WebLogic Server,"A vulnerability exists in the Oracle WebLogic Server as part of Oracle Fusion Middleware, specifically within the Core component. Affected versions include 12.2.1.4.0 and 14.1.1.0.0. This vulnerability can be easily exploited by unauthenticated attackers who gain network access through T3 or IIOP protocols, potentially leading to a denial of service condition. Successful exploitation allows these attackers to cause the WebLogic Server to hang or crash, effectively interrupting service and impacting availability. 
Organizations using the affected versions are advised to assess their exposure and apply available patches.",Oracle,Oracle Weblogic Server,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-10-15T19:52:54.271Z,0
CVE-2024-21234,https://securityvulnerability.io/vulnerability/CVE-2024-21234,Security Vulnerability in Oracle WebLogic Server Could Lead to Unauthorized Access,"A vulnerability exists in Oracle WebLogic Server, specifically in the Core component of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.1.0.0. This vulnerability is easily exploitable by an unauthenticated attacker with network access through T3 and IIOP protocols. If successfully exploited, it may allow unauthorized access to critical data, potentially leading to a full compromise of all data accessible through the affected Oracle WebLogic Server instance.",Oracle,Oracle Weblogic Server,7.5,HIGH,0.001019999966956675,false,false,false,false,,false,false,2024-10-15T19:52:46.564Z,0
CVE-2024-21216,https://securityvulnerability.io/vulnerability/CVE-2024-21216,Oracle WebLogic Server Vulnerability: Unauthenticated Takeover Possible,"An unauthenticated vulnerability exists in Oracle WebLogic Server, a crucial component of Oracle Fusion Middleware, affecting specific versions (12.2.1.4.0 and 14.1.1.0.0). This vulnerability allows an attacker with network access, through protocols like T3 and IIOP, to compromise the server without prior authentication. Successful exploitation can lead to unauthorized access and potential complete takeover of the WebLogic Server, posing significant risks to confidentiality, integrity, and availability. 
Organizations using the affected versions are advised to apply necessary patches and implement security measures to mitigate potential threats.",Oracle,Oracle Weblogic Server,9.8,CRITICAL,0.0015699999639764428,false,false,false,false,,true,false,2024-10-15T19:52:43.497Z,3570
CVE-2024-21215,https://securityvulnerability.io/vulnerability/CVE-2024-21215,Oracle WebLogic Server Vulnerability in Oracle Fusion Middleware Core Component,"Oracle WebLogic Server, a critical component of Oracle Fusion Middleware, has been identified with a vulnerability that can be exploited by an unauthenticated attacker with network access using HTTP. This flaw affects versions 12.2.1.4.0 and 14.1.1.0.0, enabling malicious actors to compromise the server and potentially lead to denial-of-service conditions. Successful exploitation of this vulnerability could cause the server to hang or crash repeatedly, resulting in significant availability impacts.",Oracle,Oracle Weblogic Server,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-10-15T19:52:43.199Z,0
CVE-2024-21181,https://securityvulnerability.io/vulnerability/CVE-2024-21181,Oracle WebLogic Server Vulnerability,"A security vulnerability exists in the Core component of Oracle WebLogic Server, a part of Oracle Fusion Middleware. This specific flaw allows unauthenticated attackers with network access via T3 or IIOP protocols to potentially compromise the server completely. This could lead to an attacker gaining full control over the Oracle WebLogic Server, causing serious breaches in confidentiality, integrity, and availability. 
Versions 12.2.1.4.0 and 14.1.1.0.0 are known to be affected, emphasizing the urgent need for users to apply relevant security patches.",Oracle,Weblogic Server,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21183,https://securityvulnerability.io/vulnerability/CVE-2024-21183,Remote Code Execution Vulnerability in Oracle WebLogic Server,"A newly identified remote code execution vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware poses a significant risk to data integrity. Found in versions 12.2.1.4.0 and 14.1.1.0.0, this easily exploitable flaw allows unauthenticated attackers with network access to compromise the server via T3 and IIOP protocols. Successful exploitation can lead to unauthorized access to sensitive data, potentially exposing critical systems to further attacks. Organizations using the affected versions are urged to implement security patches and adhere to best practices to mitigate these risks. For detailed information, refer to the official Oracle advisory.",Oracle,Weblogic Server,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21175,https://securityvulnerability.io/vulnerability/CVE-2024-21175,Unauthenticated Remote Code Execution in Oracle WebLogic Server,"A recently identified vulnerability in Oracle WebLogic Server poses a significant threat to data integrity. This issue allows an unauthenticated attacker with HTTP network access to gain unauthorized control over the affected systems. The vulnerability affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, enabling attackers to create, delete, or modify critical data without proper authentication. Businesses relying on these versions of WebLogic Server should prioritize immediate updates to safeguard their environments. 
For further details, refer to the Oracle security advisory.",Oracle,Weblogic Server,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21182,https://securityvulnerability.io/vulnerability/CVE-2024-21182,Unpatched Vulnerability in Oracle WebLogic Server Could Lead to Unauthorized Access,"A vulnerability has been identified in Oracle WebLogic Server within the Oracle Fusion Middleware suite, specifically in its Core component. This vulnerability allows an unauthenticated attacker with network access via T3 or IIOP protocols to gain unauthorized access to sensitive data. Exploitation of this flaw may enable attackers to access critical information or potentially compromise all data accessible to Oracle WebLogic Server. It is imperative for users of affected versions (12.2.1.4.0 and 14.1.1.0.0) to apply security patches and updates to mitigate potential risks.",Oracle,Weblogic Server,7.5,HIGH,0.0004299999854993075,false,false,false,true,true,false,false,2024-07-16T23:15:00.000Z,959
CVE-2024-21007,https://securityvulnerability.io/vulnerability/CVE-2024-21007,Unauthenticated Network Access Vulnerability in Oracle WebLogic Server,"A vulnerability has been identified in Oracle WebLogic Server, part of the Oracle Fusion Middleware suite, affecting version 12.2.1.4.0 and 14.1.1.0.0. This vulnerability can be exploited by unauthenticated attackers with network access through T3 or IIOP protocols, potentially allowing them to gain unauthorized access to critical data stored on WebLogic Server. If successfully exploited, this vulnerability could lead to a complete compromise of the accessible data within the affected Oracle WebLogic Server instances, posing significant risks to organizations relying on these systems. 
Businesses using the impacted versions are highly encouraged to apply security patches and take necessary measures to safeguard their data and infrastructure.",Oracle,Weblogic Server,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0
CVE-2024-21006,https://securityvulnerability.io/vulnerability/CVE-2024-21006,Remote Code Execution Vulnerability in Oracle WebLogic Server,"CVE-2024-21006 is a vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware, affecting supported versions 12.2.1.4.0 and 14.1.1.0.0. It allows unauthenticated attackers to compromise the server and gain unauthorized access to critical data. The vulnerability is easily exploitable and has a CVSS 3.1 Base Score of 7.5, indicating its significant impact. There are no known exploitations in the wild by ransomware groups at this time. However, affected users should take measures to address this vulnerability as soon as possible to prevent potential unauthorized data access.",Oracle,Weblogic Server,7.5,HIGH,0.0004299999854993075,false,true,false,true,true,false,false,2024-04-16T22:15:00.000Z,0
CVE-2024-20986,https://securityvulnerability.io/vulnerability/CVE-2024-20986,Oracle WebLogic Server Vulnerability Allows Unauthorized Access to Data,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,WebLogic Server,6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T01:50:23.116Z,0
CVE-2024-20931,https://securityvulnerability.io/vulnerability/CVE-2024-20931,Unauthenticated Access Vulnerability in Oracle WebLogic Server,"A significant vulnerability exists in Oracle WebLogic Server, part of the Oracle Fusion Middleware suite, specifically in its core component. Versions 12.2.1.4.0 and 14.1.1.0.0 are susceptible. Exploitation of this vulnerability enables an unauthenticated attacker with network access through T3 and IIOP protocols to compromise the server. Such unauthorized access can lead to the exposure of critical data, potentially granting attackers complete control over all accessible information within the Oracle WebLogic Server environment.",Oracle,Weblogic Server,7.5,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-02-17T01:50:12.858Z,0
CVE-2024-20927,https://securityvulnerability.io/vulnerability/CVE-2024-20927,Vulnerability in Oracle WebLogic Server Affecting Fusion Middleware,"A vulnerability exists in Oracle WebLogic Server that could allow unauthenticated attackers with network access via HTTP to exploit the server. This vulnerability affects supported versions, including 12.2.1.4.0 and 14.1.1.0.0, potentially allowing attackers to create, delete, or modify critical data accessible through Oracle WebLogic Server. While primarily involving Oracle WebLogic Server, successful exploits may also have implications for additional products, causing a significant scope change. 
Organizations using impacted versions should prioritize assessing and mitigating risk to safeguard their data and systems.",Oracle,Weblogic Server,8.6,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T01:50:11.937Z,0
CVE-2023-22108,https://securityvulnerability.io/vulnerability/CVE-2023-22108,Unauthenticated Access Vulnerability in Oracle WebLogic Server,"An unauthenticated access vulnerability exists in Oracle WebLogic Server that allows an attacker with network access via T3 or IIOP protocols to exploit the system. This vulnerability can lead to unauthorized access to sensitive data within the WebLogic Server environment, potentially compromising critical operational information and leading to unauthorized data manipulation or exfiltration.",Oracle,Weblogic Server,7.5,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22086,https://securityvulnerability.io/vulnerability/CVE-2023-22086,Oracle WebLogic Server Vulnerability Exposes Sensitive Data,"A vulnerability in Oracle WebLogic Server allows an unauthenticated attacker with network access via T3 and IIOP protocols to compromise the server. Successful exploitation can lead to unauthorized access to sensitive and critical data stored within the WebLogic environment. Affected versions include 12.2.1.4.0 and 14.1.1.0.0, emphasizing the need for immediate remediation to protect valuable information from potential breaches.",Oracle,Weblogic Server,7.5,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22072,https://securityvulnerability.io/vulnerability/CVE-2023-22072,Unauthenticated Access Vulnerability in Oracle WebLogic Server,"A vulnerability exists in Oracle WebLogic Server that could allow an unauthenticated attacker with network access via T3 or IIOP to compromise the server. 
If successfully exploited, this vulnerability could enable the attacker to take control of the affected system, impacting its confidentiality, integrity, and availability. All users of the impacted version should take immediate action to mitigate the risks associated with this security threat.",Oracle,WebLogic Server,9.8,CRITICAL,0.0006099999882280827,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22101,https://securityvulnerability.io/vulnerability/CVE-2023-22101,Unauthenticated Access Vulnerability in Oracle WebLogic Server by Oracle,"A vulnerability exists within Oracle WebLogic Server that could allow an unauthenticated attacker with network access to compromise the server via T3 and IIOP protocols. This vulnerability affects specific versions of WebLogic Server, enabling potential takeover of the server by exploiting its network accessibility. As organizations leverage Oracle Fusion Middleware, addressing this vulnerability is crucial to safeguarding sensitive data and ensuring robust security measures are in place.",Oracle,WebLogic Server,8.1,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22089,https://securityvulnerability.io/vulnerability/CVE-2023-22089,Exploitable Vulnerability in Oracle WebLogic Server by Oracle,"A serious vulnerability exists in older versions of Oracle WebLogic Server, specifically in Oracle Fusion Middleware's core component. This flaw allows unauthenticated attackers with network access via T3 and IIOP protocols to compromise the affected server easily. 
If exploited, the vulnerability could lead to complete control over the server, potentially resulting in significant data breaches and operational disruptions.",Oracle,WebLogic Server,9.8,CRITICAL,0.0006099999882280827,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22069,https://securityvulnerability.io/vulnerability/CVE-2023-22069,"Vulnerability in Oracle WebLogic Server, Oracle Fusion Middleware","A vulnerability exists in Oracle WebLogic Server within the Oracle Fusion Middleware suite, specifically impacting versions 12.2.1.4.0 and 14.1.1.0.0. This flaw allows an unauthenticated attacker with network access via T3 and IIOP protocols to compromise the server, potentially leading to complete takeover. Exploiting this vulnerability is relatively straightforward and poses serious risks to data confidentiality, integrity, and availability. Users are urged to apply appropriate patches and follow security best practices to mitigate potential threats.",Oracle,WebLogic Server,9.8,CRITICAL,0.0006099999882280827,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22040,https://securityvulnerability.io/vulnerability/CVE-2023-22040,,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).",Oracle,Weblogic Server,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-22031,https://securityvulnerability.io/vulnerability/CVE-2023-22031,,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).",Oracle,Weblogic Server,4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-21931,https://securityvulnerability.io/vulnerability/CVE-2023-21931,Remote Command Execution Vulnerability in Oracle WebLogic Server,"A vulnerability exists within Oracle WebLogic Server that allows an unauthenticated attacker with network access via T3 to exploit the system. This weakness can enable unauthorized access to sensitive data or, in some cases, give an attacker complete control over all data accessible within the Oracle WebLogic Server environment. The supported versions affected by this issue are 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. 
It is crucial for organizations operating these versions to apply the appropriate patches to mitigate potential risks.",Oracle,Weblogic Server,7.5,HIGH,0.0004299999854993075,false,false,false,true,true,false,false,2023-04-18T20:15:00.000Z,0
CVE-2023-21979,https://securityvulnerability.io/vulnerability/CVE-2023-21979,Unauthenticated Remote Access Vulnerability in Oracle WebLogic Server,"This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access over T3 to exploit weaknesses in the Core component. Attackers can gain unauthorized access, potentially compromising sensitive data and resources on the server. Affected versions include 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. Organizations using these versions are urged to apply security patches promptly to protect their data integrity and secure their systems against unauthorized access.",Oracle,Weblogic Server,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0
CVE-2023-21964,https://securityvulnerability.io/vulnerability/CVE-2023-21964,Denial of Service Vulnerability in Oracle WebLogic Server by Oracle,"A vulnerability exists in Oracle WebLogic Server within Oracle Fusion Middleware, affecting specific versions that allow unauthenticated network attackers to exploit the T3 protocol. This vulnerability can be easily exploited, potentially leading to significant disruptions by causing the server to hang or repeatedly crash, impacting service availability. Organizations using the affected versions should prioritize applying the necessary patches to mitigate the risk.",Oracle,Weblogic Server,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0