CVE-2022-21371

HIGH EXPLOITED IN THE WILD NUCLEI

Oracle Weblogic Server - Path Traversal

Title source: rule

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Exploits (4)

exploitdb WORKING POC
by Jonah Tan · textremotewindows
https://www.exploit-db.com/exploits/50688
nomisec WORKING POC 27 stars
by Mr-xn · infoleak
https://github.com/Mr-xn/CVE-2022-21371
nomisec WORKING POC 19 stars
by Vulnmachines · poc
https://github.com/Vulnmachines/Oracle-WebLogic-CVE-2022-21371
nomisec SCANNER 1 stars
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2022-21371

Nuclei Templates (1)

Oracle WebLogic Server Local File Inclusion
HIGHby paradessia,narluin
Shodan: http.title:"oracle peoplesoft sign-in" || product:"oracle weblogic"
FOFA: title="oracle peoplesoft sign-in"

References (2)

Scores

CVSS v3 7.5
EPSS 0.9342
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2022-08-19
InTheWild.io 2022-08-19
CWE
CWE-22
Status published
Products (4)
oracle/weblogic_server 12.1.3.0.0
oracle/weblogic_server 12.2.1.3.0
oracle/weblogic_server 12.2.1.4.0
oracle/weblogic_server 14.1.1.0.0
Published Jan 19, 2022
Tracked Since Feb 18, 2026