CVE-2017-10123

MEDIUM

Oracle WebLogic Server <12.1.3.0 - Info Disclosure

Title source: llm

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

References (3)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99650

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038939

Scores

CVSS v3 4.3

EPSS 0.0020

EPSS Percentile 42.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (2)

oracle/weblogic_server

Oracle Corporation/WebLogic Server < 12.1.3.0

Published Aug 08, 2017

Tracked Since Feb 18, 2026