CVE-2021-1995Out-of-bounds Read in Corporation Weblogic Server

CWE-125Out-of-bounds ReadCWE-863Incorrect Authorization7 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 52.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Weblogic ServerOracle Weblogic Server
Timeline
PublishedJan 20
Latest updateJul 1

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDoracle/weblogic_server10.3.6.0.0, 12.1.3.0.0+1
CVEListV5oracle_corporation/weblogic_server10.3.6.0.0, 12.1.3.0.0+1

🔴Vulnerability Details

3
GHSA
Incorrect Authorization in Jenkins requests-plugin2022-07-01
GHSA
GHSA-3mq7-67j8-qhqj: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services)2022-05-24
CVEList
CVE-2021-1995: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services)2021-01-20

💥Exploits & PoCs

1
Exploit-DB
Virtue Classifieds - 'category' SQL Injection2009-06-08

📋Vendor Advisories

2
Red Hat
libsolv: heap-overflows in resolve_dependencies function2022-02-21
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Web Services — CVE-2021-19952021-01-15
CVE-2021-1995 — Out-of-bounds Read | cvebase