Impact
A vulnerability in Oracle WebLogic Server allows an unauthenticated attacker with network access via TCP to compromise the server, potentially resulting in full takeover and compromising confidentiality, integrity, and availability. This is a CWE‑502 Unserialize Untrusted Data flaw. The CVSS 3.1 score of 9.8 and vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H reflect the severity.
Affected Systems
Oracle WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 within Oracle Fusion Middleware (Core component) are affected.
Risk and Exploitability
The high CVSS score indicates severe impact, while the EPSS score of less than 1% suggests a low yet nonzero probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. An attacker with network access over TCP can exploit the flaw without authentication, making it easily exploitable and posing a significant risk to environments where WebLogic Server is exposed.
OpenCVE Enrichment