VID | 210285 |
Severity | 40 |
Port | 80, ... |
Protocol | TCP |
Class | Servlet |
Detailed Description |
The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by a vulnerability referenced in the October 2024 CPU advisory:
- Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2024-21216)
* References: https://www.oracle.com/docs/tech/security-alerts/cpuoct2024csaf.json https://www.oracle.com/security-alerts/cpuoct2024.html
* Platforms Affected: WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0 |
Recommendation |
Apply Patch 37087476 for WebLogic Server 12.2.1.4.0, or Patch 37087534 for WebLogic Server 14.1.1.0.0 |
Related URL |
CVE-2024-21216 (CVE) |