ID CVE-2017-3248
Summary Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:weblogic_server:12.2.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:weblogic_server:12.2.1.1.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 02-04-2019 - 17:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 95465
confirm http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
exploit-db 44998
misc
sectrack 1037632
Last major update 02-04-2019 - 17:29
Published 27-01-2017 - 22:59
Last modified 02-04-2019 - 17:29
Back to Top