CVE-2022-21306

CRITICAL

Oracle WebLogic Server <14.1.1.0.0 - RCE

Title source: llm

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (1)

nomisec STUB 1 stars

by hktalent · poc

https://github.com/hktalent/CVE-2022-21306

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.oracle.com/security-alerts/cpujan2022.html

Scores

CVSS v3 9.8

EPSS 0.3695

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

Status published

Products (4)

oracle/weblogic_server 12.1.3.0.0

oracle/weblogic_server 12.2.1.3.0

oracle/weblogic_server 12.2.1.4.0

oracle/weblogic_server 14.1.1.0.0

Published Jan 19, 2022

Tracked Since Feb 18, 2026