Oracle WebLogic Server Unspecified Vulnerability (CVE-2023-21839)
Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.
A remote attacker, without authentication, can achieve full data confidentiality loss. Federal agencies are required to remediate by 2023-05-22 under CISA BOD 22-01.
This is a Deserialization of Untrusted Data (CWE-502) vulnerability in Oracle WebLogic Server. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
Active exploitation documented in the wild. Threat-research write-up: http://packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html
Get the fix
Apply the fixed package from your vendor. The advisory lists affected versions and the exact fixed build.
↗ Vendor advisoryManual remediation steps
Apply the Vendor Patch
This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.
CISA required action: Apply updates per vendor instructions.
References
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
References
Related vulnerabilities
KB5000871: Microsoft Exchange Server 2013 / 2016 / 2019 Security Update (March 2021)
Microsoft Exchange Server
CVE-2021-26855
CRITICAL9.8KB5001779: Windows Server 2016 / 2019 Security Update (August 2021)
Microsoft Exchange Server
CVE-2021-34473
CRITICAL8.8KB5019758: Microsoft Exchange Server 2013 / 2016 / 2019 Security Update (October 2022)
Microsoft Exchange Server
CVE-2022-41040