Oracle Weblogic Server vulnerabilities
306 known vulnerabilities affecting oracle/weblogic_server.
Total CVEs: 306
CISA KEV (actively exploited): 15
Public exploits: 31
Exploited in wild: 22
Severity breakdown
CRITICAL 81, HIGH 92, MEDIUM 129, LOW 4
Vulnerabilities
Page 1 of 16
CVE-2025-61752 | HIGH | CVSS 7.5 | v14.1.1.0.0, v14.1.2.0.0 | 2025-10-21
CVE-2025-61752 [HIGH] CWE-306 CVE-2025-61752: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in
nvd
CVE-2025-61764 | MEDIUM | CVSS 5.3 | v12.2.1.4.0, v14.1.1.0.0, +1 more | 2025-10-21
CVE-2025-61764 [MEDIUM] CWE-200 CVE-2025-61764: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability c
nvd
CVE-2025-30762 | HIGH | CVSS 7.5 | v12.2.1.4.0, v14.1.1.0.0, +1 more | 2025-07-15
CVE-2025-30762 [HIGH] CWE-306 CVE-2025-30762: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability
nvd
CVE-2025-50064 | MEDIUM | CVSS 4.8 | v12.2.1.4.0, v14.1.1.0.0, +1 more | 2025-07-15
CVE-2025-50064 [MEDIUM] CWE-269 CVE-2025-50064: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interacti
nvd
CVE-2025-50073 | MEDIUM | CVSS 6.1 | v12.2.1.4.0, v14.1.1.0.0, +1 more | 2025-07-15
CVE-2025-50073 [MEDIUM] CWE-285 CVE-2025-50073: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Cont
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require huma
nvd
CVE-2025-50072 | MEDIUM | CVSS 4.0 | v12.2.1.4.0, v14.1.1.0.0, +1 more | 2025-07-15
CVE-2025-50072 [MEDIUM] CWE-284 CVE-2025-50072: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server.
nvd
CVE-2025-30753 | MEDIUM | CVSS 6.5 | v12.2.1.4.0, v14.1.1.0.0, +1 more | 2025-07-15
CVE-2025-30753 [MEDIUM] CWE-400 CVE-2025-30753: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability ca
nvd
CVE-2025-21535 | CRITICAL | CVSS 9.8 | v12.2.1.4.0, v14.1.1.0.0 | 2025-01-21
CVE-2025-21535 [CRITICAL] CWE-306 CVE-2025-21535: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can res
nvd
CVE-2025-21549 | HIGH | CVSS 7.5 | v14.1.1.0.0 | 2025-01-21
CVE-2025-21549 [HIGH] CWE-400 CVE-2025-21549: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized
nvd
CVE-2024-21216 | CRITICAL | CVSS 9.8 | v12.2.1.4.0, v14.1.1.0.0 | 2024-10-15
CVE-2024-21216 [CRITICAL] CWE-862 CVE-2024-21216: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can res
nvd
CVE-2024-21274 | HIGH | CVSS 7.5 | ≥ 12.2.1.4.0, ≤ 14.1.1.0.0 | 2024-10-15
CVE-2024-21274 [HIGH] CWE-120 CVE-2024-21274: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result
nvd
CVE-2024-21234 | HIGH | CVSS 7.5 | v12.2.1.4.0, v14.1.1.0.0 | 2024-10-15
CVE-2024-21234 [HIGH] CWE-862 CVE-2024-21234: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result
nvd
CVE-2024-21260 | HIGH | CVSS 7.5 | v12.2.1.4.0, v14.1.1.0.0 | 2024-10-15
CVE-2024-21260 [HIGH] CWE-863 CVE-2024-21260: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result
nvd
CVE-2024-21181 | CRITICAL | CVSS 9.8 | v12.2.1.4.0, v14.1.1.0.0 | 2024-07-16
CVE-2024-21181 [CRITICAL] CVE-2024-21181: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in t
nvd
CVE-2024-21175 | CRITICAL | CVSS 9.1 | v12.2.1.4.0, v14.1.1.0.0 | 2024-07-16
CVE-2024-21175 [HIGH] CWE-787 CVE-2024-21175: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in u
nvd
CVE-2024-21182 | HIGH | CVSS 7.5 | v12.2.1.4.0, v14.1.1.0.0 | 2024-07-16
CVE-2024-21182 [HIGH] CVE-2024-21182: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unaut
nvd
CVE-2024-21183 | HIGH | CVSS 7.5 | v12.2.1.4.0, v14.1.1.0.0 | 2024-07-16
CVE-2024-21183 [HIGH] CWE-306 CVE-2024-21183: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result
nvd
CVE-2024-21006 | HIGH | CVSS 7.5 | v12.2.1.4.0, v14.1.1.0.0 | 2024-04-16
CVE-2024-21006 [HIGH] CWE-306 CVE-2024-21006: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result
nvd
CVE-2024-21007 | HIGH | CVSS 7.5 | v12.2.1.4.0, v14.1.1.0.0 | 2024-04-16
CVE-2024-21007 [HIGH] CWE-306 CVE-2024-21007: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result
nvd
CVE-2024-20927 | HIGH | CVSS 8.6 | v12.2.1.4.0, v14.1.1.0.0 | 2024-02-17
CVE-2024-20927 [HIGH] CWE-284 CVE-2024-20927: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, at
nvd