Vulnerability in Oracle Corporation Weblogic Server
CVE-2021-2109
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability…
EPSS: 0.917 (99.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Oracle Corporation Weblogic Server — versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
Public proof-of-concept exploits
References
- www.oracle.com/security-alerts/cpujan2021.html (x_refsource_MISC)
- packetstormsecurity.com/files/161053/Oracle-WebLogic-Server-14.1.1.0-Remote-Cod… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-2109?
- CVE-2021-2109 is a high-severity vulnerability in Oracle Corporation Weblogic Server. CVSS score: 7.2/10. Published 2021-01-20.
- How severe is CVE-2021-2109?
- High severity. CVSS v3 base score is 7.2 out of 10.
- Is CVE-2021-2109 known to be exploited?
- 86 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.