Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-3586Oracle Weblogic Server vulnerability

7 documents4 sources
Severity
9.8CRITICALNVD
EPSS
11.6%
top 6.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Weblogic Server
Timeline
PublishedJul 21
Latest updateMay 14

Description

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3510.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDoracle/weblogic_server10.3.6.0.0, 12.1.3.0.0, 12.2.1.0.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-33g3-59w3-q9cj: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 102022-05-14
GHSA
GHSA-88m7-cp4v-hhw3: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 102022-05-14
CVEList
CVE-2016-3510: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 102016-07-21
CVEList
CVE-2016-3586: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 102016-07-21

💥Exploits & PoCs

1
Nuclei
Oracle WebLogic Server Java Object Deserialization - Remote Code Execution
CVE-2016-3586 — Oracle Weblogic Server vulnerability | cvebase