Impact
The flaw is located within the WebLogic Server console component. It allows an attacker who already possesses high privileges to gain full control of the server. An exploited instance would experience loss of confidentiality, integrity, and availability, effectively leading to a takeover of the WebLogic Server.
Affected Systems
Oracle WebLogic Server versions 14.1.2.0.0 and 15.1.1.0.0 are impacted. The vulnerability is specific to the console component of that product, and no other WebLogic Server components are listed as affected.
Risk and Exploitability
The base CVSS score of 6.6 indicates moderate severity but high impact on all three core security dimensions. The EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to have high privileges and network access via HTTP. Although difficult to exploit, a successful attack would result in complete server compromise.
OpenCVE Enrichment