CVE-2021-2135

CRITICAL EXPLOITED NUCLEI

Oracle WebLogic Server <14.1.1.0.0 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-2135 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Nuclei Templates (1)

Oracle WebLogic Server - Remote Code Execution
CRITICALVERIFIEDby hnd3884
Shodan: cpe:"cpe:2.3:a:oracle:weblogic_server" || product:"WebLogic" || http.server:"WebLogic" || port:7001
FOFA: product="WebLogic" || header="WebLogic Server"

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2021.html

Scores

CVSS v3 9.8
EPSS 0.0837
EPSS Percentile 94.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2021-10-07
Status published
Products (3)
oracle/weblogic_server 12.2.1.3.0
oracle/weblogic_server 12.2.1.4.0
oracle/weblogic_server 14.1.1.0.0
Published Apr 22, 2021
Tracked Since Feb 18, 2026