Oracle WebLogic Server vulnerabilities

306 known vulnerabilities affecting oracle/weblogic_server.

Total CVEs: 306
CISA KEV: 15 (actively exploited)
Public exploits: 33
Exploited in wild: 22
Severity breakdown: CRITICAL 81, HIGH 92, MEDIUM 129, LOW 4

Vulnerabilities

Page 7 of 16
CVE-2020-14841 | CRITICAL | CVSS 9.8 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-10-21
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of
nvd
CVE-2020-14882 | CRITICAL | CVSS 9.8 | KEV | PoC | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-10-21
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks
nvd
CVE-2020-14859 | CRITICAL | CVSS 9.8 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-10-21
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks
nvd
CVE-2020-14825 | CRITICAL | CVSS 9.8 | v12.2.1.3.0, v12.2.1.4.0 +1 more | 2020-10-21
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability c
nvd
CVE-2020-14820 | HIGH | CVSS 7.5 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-10-21
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of
nvd
CVE-2020-14883 | HIGH | CVSS 7.2 | KEV | PoC | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-10-21
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of t
nvd
CVE-2020-14757 | MEDIUM | CVSS 6.8 | v12.2.1.3.0 | 2020-10-21
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). The supported version that is affected is 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other
nvd
CVE-2020-5421 | MEDIUM | CVSS 6.5 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
nvd
CVE-2020-14644 | CRITICAL | CVSS 9.8 | KEV | PoC | v12.2.1.3.0, v12.2.1.4.0 +1 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability c
nvd
CVE-2020-14645 | CRITICAL | CVSS 9.8 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks
nvd
CVE-2020-14687 | CRITICAL | CVSS 9.8 | v12.2.1.3.0, v12.2.1.4.0 +1 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability c
nvd
CVE-2020-14625 | CRITICAL | CVSS 9.8 | v12.2.1.3.0, v12.2.1.4.0 +1 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability c
nvd
CVE-2020-14589 | HIGH | CVSS 7.5 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attack
nvd
CVE-2020-2967 | HIGH | CVSS 7.5 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attac
nvd
CVE-2020-14639 | HIGH | CVSS 7.5 | v12.1.3.0.0, v12.2.1.3.0 +2 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vuln
nvd
CVE-2020-14588 | HIGH | CVSS 8.2 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attack
nvd
CVE-2020-2966 | MEDIUM | CVSS 5.4 | v10.3.6.0.0, v12.1.3.0.0 +2 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human in
nvd
CVE-2020-14636 | MEDIUM | CVSS 6.1 | v12.1.3.0.0, v12.2.1.3.0 +2 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require hu
nvd
CVE-2020-14640 | MEDIUM | CVSS 6.1 | v12.1.3.0.0, v12.2.1.3.0 +2 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require hu
nvd
CVE-2020-14622 | MEDIUM | CVSS 4.9 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of th
nvd