VDB

CVE-2022-21616

CVE-2022-21616 PUBLISHED CVSS 5.2 MEDIUM

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H).

EPSS 0.04% · 14.1th percentile

Risk Scores

CVSS 3.1
5.2
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
EPSS Score
0.04%
14.1th percentile

Affected Products

Vendor | Product | Versions
oracle | weblogic_server | 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Oracle Corporation | WebLogic Server | 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Timeline

  • Oct 18, 2022 CVE Published
  • Oct 19, 2022 EPSS Score
  • Dec 2, 2022 EPSS Score
  • Jan 15, 2023 EPSS Score
  • Feb 27, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 12, 2023 EPSS Score
  • May 26, 2023 EPSS Score
  • Jul 9, 2023 EPSS Score
  • Aug 21, 2023 EPSS Score
  • Oct 4, 2023 EPSS Score
  • Nov 17, 2023 EPSS Score