CVE-2022-21616
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H).
EPSS 0.04% · 14.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | weblogic_server | 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
| Oracle Corporation | WebLogic Server | 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
Timeline
- Oct 18, 2022 CVE Published
- Oct 19, 2022 EPSS Score
- Dec 2, 2022 EPSS Score
- Jan 15, 2023 EPSS Score
- Feb 27, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 12, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 9, 2023 EPSS Score
- Aug 21, 2023 EPSS Score
- Oct 4, 2023 EPSS Score
- Nov 17, 2023 EPSS Score