CVE-2022-21350

MEDIUM

Oracle WebLogic Server 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 - Unauthenticated Partial Denial of Service via T3

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-21350. PoCs published by hktalent.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2022-21350, a deserialization vulnerability in Oracle WebLogic Server. It includes payload generation, LDAP server setup, and HTTP server components to exploit the vulnerability via T3 protocol.

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).

Exploits (1)

nomisec WORKING POC 3 stars

by hktalent · poc

https://github.com/hktalent/CVE-2022-21350

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2022-21350, a deserialization vulnerability in Oracle WebLogic Server. It includes payload generation, LDAP server setup, and HTTP server components to exploit the vulnerability via T3 protocol.

Classification

Working Poc 95%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Oracle WebLogic Server (12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0)

No auth needed

Prerequisites: Docker environment for WebLogic · LDAP server for payload delivery · HTTP server for class file hosting

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujan2022.html

Scores

CVSS v3 6.5

EPSS 0.0362

EPSS Percentile 88.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

Status published

Products (4)

oracle/weblogic_server 12.1.3.0.0

oracle/weblogic_server 12.2.1.3.0

oracle/weblogic_server 12.2.1.4.0

oracle/weblogic_server 14.1.1.0.0

Published Jan 19, 2022

Tracked Since Feb 18, 2026