Impact
A remote console flaw in Oracle WebLogic Server allows a low‑privileged attacker with network access via HTTPS to compromise the server. The vulnerability enables the attacker to create, modify or delete critical data and to gain complete access to all data reachable through the console. The exploitation also allows unauthorized access to critical data or complete access to all WebLogic Server accessible data. The attack requires only minimal privileges, but requires human interaction from a person other than the attacker.
Affected Systems
Oracle WebLogic Server versions 14.1.2.0.0 and 15.1.1.0.0 are affected. The CVE notes that a scope change may allow the flaw to influence other WebLogic‑based products within the same environment.
Risk and Exploitability
Based on the CVE description, the flaw is a remote console vulnerability that permits a low‑privileged attacker with network connectivity over HTTPS to compromise the WebLogic Server. Successful exploitation requires human interaction from a person other than the attacker; the attacker need not have privileged credentials. The attack can lead to unauthorized creation, deletion, or modification of critical data and complete access to all data reachable through the console. The CVSS base score of 8.7 highlights severe confidentiality and integrity impacts. The EPSS score (<1%) and absence from the CISA KEV catalog indicate that widespread exploitation is currently unlikely.
OpenCVE Enrichment