Impact
A flaw in the Console component of Oracle WebLogic Server allows an attacker with low privileges and network access over HTTP to compromise the server. This vulnerability is rated CVSS 8.8, indicating high impact on confidentiality, integrity, and availability. Successful exploitation can result in complete takeover of the WebLogic Server, giving the attacker full control. It is inferred from the description that the attacker bypasses authorization controls to reach the console.
Affected Systems
Oracle Corporation WebLogic Server, versions 12.2.1.4.0 and 14.1.1.0.0, are affected. These versions correspond to the CPE strings reported for the product.
Risk and Exploitability
The EPSS score of less than 1 % means the exploitation probability is low, yet the vulnerability is not in CISA's KEV catalog. The likely attack vector is a low-privileged user accessing the vulnerable console over HTTP. It is inferred from the description that this access bypasses authorization controls. With a CVSS of 8.8, the risk is high for any organization that exposes a WebLogic console to the network.
OpenCVE Enrichment