Skip to main content

Enterprise Repository CVE-2021-1994

CRITICAL
2021-01-20 secalert_us@oracle.com
9.8
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (oracle) · only source for this CVE.

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 20, 2021 - 15:15 cve.org
CRITICAL 9.8

DescriptionCVE.org

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

AnalysisAI

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected products include: Oracle Enterprise Repository, Oracle Weblogic Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-11998 CRITICAL
9.8 Sep 10

A regression has been introduced in the commit preventing JMX re-bind. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2019-2904 CRITICAL
9.8 Oct 16

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Rated critica

CVE-2018-1000613 CRITICAL
9.8 Jul 09

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contain

CVE-2018-8013 CRITICAL
9.8 May 24

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the in

CVE-2018-1258 HIGH
8.8 May 11

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization b

CVE-2017-10048 HIGH
8.2 Aug 08

Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Web Interface). R

CVE-2020-11979 HIGH
7.5 Oct 01

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the

CVE-2020-11994 HIGH
7.5 Jul 08

Server-Side Template Injection and arbitrary file disclosure on Camel templating components. Rated high severity (CVSS 7

CVE-2019-0188 HIGH
7.5 May 28

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an out

CVE-2019-0222 HIGH
7.5 Mar 28

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it

CVE-2018-3246 HIGH
7.5 Oct 17

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Ra

CVE-2018-1000180 HIGH
7.5 Jun 05

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key p

Share

CVE-2021-1994 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy