Impact
A flaw in the Console component of Oracle WebLogic Server permits an unauthenticated attacker with network access via HTTP to compromise the server. The vulnerability is categorized as CWE‑601 and its exploitation is considered difficult, requiring a human interaction from a party other than the attacker. When successfully exploited, the attacker can take full control of the WebLogic Server, resulting in loss of confidentiality, integrity and availability. The CVSS v3.1 base score of 8.3 reflects the severe impact on all three core security properties.
Affected Systems
Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 are affected. These deployments are common in enterprise environments and can influence additional Fusion Middleware components.
Risk and Exploitability
The high CVSS score indicates a serious vulnerability, yet the EPSS score of less than 1% suggests that exploitation attempts are presently uncommon. Because the vulnerability is not listed in the CISA KEV catalog, no confirmed public exploitation is documented. The likely attack vector is a network‑based HTTP request to the Console endpoint; however, the difficulty of exploitation and requirement for human interaction reduce the immediate threat. If an attacker does succeed, privilege is elevated to administrative level, enabling a complete takeover of the server and potential cascading impact on other products in the same environment.
OpenCVE Enrichment