Oracle WebLogic Server Core Vulnerability: CVE-2024-20986 (Critical)

2024-11-27

Vulnerability :

This critical vulnerability exists in Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. An unauthenticated attacker with network access can exploit this vulnerability to gain unauthorized access to Oracle WebLogic Server data. This may include unauthorized modification, deletion, or viewing of sensitive information. While user interaction is required for a successful attack, the impact can extend beyond WebLogic Server itself.

Vulnerability Details:

Platform: Oracle WebLogic Server (Core component)
Version: 12.2.1.4.0, 14.1.1.0.0
Vulnerability: Security Feature Bypass
Severity: Critical (CVSS 3.1 Base Score: 6.1)
Date: Published: February 16, 2024, Last Modified: November 27, 2024

What Undercode Says:

This is a critical vulnerability that Oracle WebLogic Server users should address immediately. Unauthenticated attackers can potentially gain significant access to sensitive data. Update to the latest patched versions as soon as possible and implement any additional security measures recommended by Oracle.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image

Scroll to Top