
Oracle WebLogic Server vulnerabilities

309 known vulnerabilities affecting oracle/weblogic_server.

Total CVEs: 309
CISA KEV: 16 (actively exploited)
Public exploits: 33
Exploited in wild: 22
Severity breakdown: CRITICAL 81, HIGH 94, MEDIUM 130, LOW 4

Vulnerabilities

Page 8 of 16
CVE-2020-14636 | MEDIUM | CVSS 6.1 | v12.1.3.0.0, v12.2.1.3.0 (+2 more) | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require hu
nvd
CVE-2020-14640 | MEDIUM | CVSS 6.1 | v12.1.3.0.0, v12.2.1.3.0 (+2 more) | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require hu
nvd
CVE-2020-14622 | MEDIUM | CVSS 4.9 | v10.3.6.0.0, v12.1.3.0.0 (+3 more) | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of th
nvd
CVE-2020-14557 | MEDIUM | CVSS 6.8 | v12.1.3.0.0, v12.2.1.3.0 (+2 more) | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks requir
nvd
CVE-2020-14652 | MEDIUM | CVSS 6.5 | v10.3.6.0.0, v12.1.3.0.0 (+3 more) | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of th
nvd
CVE-2020-14572 | MEDIUM | CVSS 6.1 | CWE-79 | v10.3.6.0.0, v12.1.3.0.0 (+2 more) | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require
nvd
CVE-2020-14638 | MEDIUM | CVSS 6.1 | v12.1.3.0.0, v12.2.1.3.0 (+2 more) | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require hu
nvd
CVE-2020-14637 | MEDIUM | CVSS 6.1 | v12.1.3.0.0, v12.2.1.3.0 (+2 more) | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require hu
nvd
CVE-2020-10693 | MEDIUM | CVSS 5.3 | CWE-20 | v14.1.1.0.0 | 2020-05-06
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
nvd
CVE-2020-11023 | MEDIUM | CVSS 6.1 | CWE-79 | KEV | PoC | v12.1.3.0.0, v12.2.1.3.0 (+2 more) | 2020-04-29
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
nvd
CVE-2020-11022 | MEDIUM | CVSS 6.1 | CWE-79 | Exploited | PoC | v10.3.6.0.0, v12.1.3.0.0 (+3 more) | 2020-04-29
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
nvd
CVE-2020-9488 | LOW | CVSS 3.7 | CWE-295 | v10.3.6.0.0 | 2020-04-27
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.
nvd
CVE-2020-2801 | CRITICAL | CVSS 9.8 | v10.3.6.0.0, v12.1.3.0.0 (+2 more) | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulne
nvd
CVE-2020-2884 | CRITICAL | CVSS 9.8 | v10.3.6.0.0, v12.1.3.0.0 (+2 more) | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulne
nvd
CVE-2020-2883 | CRITICAL | CVSS 9.8 | KEV | PoC | v10.3.6.0.0, v12.1.3.0.0 (+2 more) | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulne
nvd
CVE-2020-2867 | HIGH | CVSS 8.2 | v12.1.3.0.0, v12.2.1.3.0 (+1 more) | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability ca
nvd
CVE-2020-2798 | HIGH | CVSS 7.2 | v10.3.6.0.0, v12.1.3.0.0 (+2 more) | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of thi
nvd
CVE-2020-2963 | HIGH | CVSS 7.2 | v10.3.6.0.0, v12.1.3.0.0 (+2 more) | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this v
nvd
CVE-2020-2828 | HIGH | CVSS 7.5 | v10.3.6.0.0 | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthor
nvd
CVE-2020-2766 | MEDIUM | CVSS 5.3 | v10.3.6.0.0, v12.1.3.0.0 (+2 more) | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerab
nvd