Oracle WebLogic Server vulnerabilities

306 known vulnerabilities affecting oracle/weblogic_server.

Total CVEs: 306
CISA KEV: 15 (actively exploited)
Public exploits: 33
Exploited in wild: 22
Severity breakdown: CRITICAL 81, HIGH 92, MEDIUM 129, LOW 4

Vulnerabilities

Page 8 of 16
CVE-2020-14557 | MEDIUM | CVSS 6.8 | Affected: 12.1.3.0.0, 12.2.1.3.0, +2 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks requir
Source: nvd

CVE-2020-14652 | MEDIUM | CVSS 6.5 | Affected: 10.3.6.0.0, 12.1.3.0.0, +3 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of th
Source: nvd

CVE-2020-14572 | MEDIUM | CVSS 6.1 | CWE-79 | Affected: 10.3.6.0.0, 12.1.3.0.0, +2 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require
Source: nvd

CVE-2020-14638 | MEDIUM | CVSS 6.1 | Affected: 12.1.3.0.0, 12.2.1.3.0, +2 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require hu
Source: nvd

CVE-2020-14637 | MEDIUM | CVSS 6.1 | Affected: 12.1.3.0.0, 12.2.1.3.0, +2 more | 2020-07-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require hu
Source: nvd

CVE-2020-10693 | MEDIUM | CVSS 5.3 | CWE-20 | Affected: 14.1.1.0.0 | 2020-05-06
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
Source: nvd

CVE-2020-11023 | MEDIUM | CVSS 6.1 | KEV, PoC | CWE-79 | Affected: 12.1.3.0.0, 12.2.1.3.0, +2 more | 2020-04-29
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Source: nvd

CVE-2020-11022 | MEDIUM | CVSS 6.1 | Exploited, PoC | CWE-79 | Affected: 10.3.6.0.0, 12.1.3.0.0, +3 more | 2020-04-29
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Source: nvd

CVE-2020-9488 | LOW | CVSS 3.7 | CWE-295 | Affected: 10.3.6.0.0 | 2020-04-27
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
Source: nvd

CVE-2020-2801 | CRITICAL | CVSS 9.8 | Affected: 10.3.6.0.0, 12.1.3.0.0, +2 more | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulne
Source: nvd

CVE-2020-2884 | CRITICAL | CVSS 9.8 | Affected: 10.3.6.0.0, 12.1.3.0.0, +2 more | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulne
Source: nvd

CVE-2020-2883 | CRITICAL | CVSS 9.8 | KEV, PoC | Affected: 10.3.6.0.0, 12.1.3.0.0, +2 more | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulne
Source: nvd

CVE-2020-2867 | HIGH | CVSS 8.2 | Affected: 12.1.3.0.0, 12.2.1.3.0, +1 more | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability ca
Source: nvd

CVE-2020-2798 | HIGH | CVSS 7.2 | Affected: 10.3.6.0.0, 12.1.3.0.0, +2 more | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of thi
Source: nvd

CVE-2020-2963 | HIGH | CVSS 7.2 | Affected: 10.3.6.0.0, 12.1.3.0.0, +2 more | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this v
Source: nvd

CVE-2020-2828 | HIGH | CVSS 7.5 | Affected: 10.3.6.0.0 | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthor
Source: nvd

CVE-2020-2766 | MEDIUM | CVSS 5.3 | Affected: 10.3.6.0.0, 12.1.3.0.0, +2 more | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerab
Source: nvd

CVE-2020-2869 | MEDIUM | CVSS 4.3 | Affected: 10.3.6.0.0, 12.1.3.0.0, +2 more | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human in
Source: nvd

CVE-2020-2811 | MEDIUM | CVSS 6.1 | Affected: 10.3.6.0.0, 12.1.3.0.0, +2 more | 2020-04-15
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human in
Source: nvd

CVE-2020-2934 | MEDIUM | CVSS 5.0 | Affected: 12.1.3.0.0, 12.2.1.3.0, +2 more | 2020-04-15
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a
Source: nvd