APP: Oracle Fusion Middleware Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Oracle Fusion Middleware. A successful attack can lead to arbitrary code execution.
Extended Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Affected Products
Oracle weblogic_server
References
CVE: CVE-2023-21839
Short Name
APP:ORACLE:WEBLOGIC-RCE-T3
Severity
Major
Recommended
False
Recommended Action
None
Category
APP
Keywords
CVE-2023-21839 Code Execution Fusion Middleware Oracle Remote
Release Date
05/05/2023
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
Sigpack Version
3596
False Positive
Rarely
Vendors
Oracle