VDB
CVE-2022-21371
CVE-2022-21371
PUBLISHED
CVSS 7.5 HIGH
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
EPSS 93.42% · 99.8th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
93.42%
99.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle Corporation | WebLogic Server | 14.1.1.0.0, 12.1.3.0.0, 12.2.1.3.0 |
| oracle | weblogic_server | 12.1.3.0.0, 12.2.1.3.0, 14.1.1.0.0 |
Timeline
- CVE Published
- Jan 27, 2022 PoC Published
- Feb 8, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- May 24, 2022 EPSS Score
- Jul 15, 2022 EPSS Score
- Sep 7, 2022 EPSS Score
- Sep 30, 2022 PoC Published
- Oct 28, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 20, 2022 EPSS Score
- Feb 11, 2023 EPSS Score