VDB

CVE-2021-2109

CVE-2021-2109 PUBLISHED CVSS 7.199999809265137 HIGH

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

EPSS 91.73% · 99.7th percentile

Risk Scores

CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
91.73%
99.7th percentile

Affected Products

VendorProductVersions
Oracle CorporationWebLogic Server14.1.1.0.0, 10.3.6.0.0, 12.1.3.0.0
oracleweblogic_server12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Exploit Intelligence

…and 37 more exploits

Timeline

  • Jan 20, 2021 CVE Published
  • Jan 20, 2021 PoC Published
  • Jan 22, 2021 PoC Published
  • Jan 27, 2021 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›