- Description
- Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
- Source
- secalert_us@oracle.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- Oracle WebLogic Server Unspecified Vulnerability
- Exploit added on
- Jan 7, 2025
- Exploit action due
- Jan 28, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
CISA has flagged 3 actively exploited vulnerabilities—two in Mitel MiCollab and one in Oracle WebLogic Server. ⤷ CVE-2024-41713: Remote access via path traversal. ⤷ CVE-2024-55550: Exploited by attackers with admin privileges. ⤷ CVE-2020-2883: A high-severity… https://t.co/i
@Kill_billw
3 Feb 2025
246 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Absolute madness from CISA for this exploitation, two in Mitel MiCollab and one in Oracle WebLogic Server. 👽 • CVE-2024-41713: Remote access. • CVE-2024-55550: Exploited by attackers with admin privileges. • CVE-2020-2883: A high-severity vulnerability in Oracle WebLogic.
@byt3n33dl3
8 Jan 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HelpNet] Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers. CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities... https://t.co/vCdTJ0Mu3h
@shah_sheikh
8 Jan 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has flagged 3 actively exploited vulnerabilities—two in Mitel MiCollab and one in Oracle WebLogic Server. ⤷ CVE-2024-41713: Remote access via path traversal. ⤷ CVE-2024-55550: Exploited by attackers with admin privileges. ⤷ CVE-2020-2883: A high-severity vulnerability in… h
@TheHackersNews
8 Jan 2025
41471 Impressions
41 Retweets
103 Likes
14 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462"
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811"
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
}
],
"operator": "OR"
}
]
}
]