CVE-2023-21931

HIGH

Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization

Title source: metasploit

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Exploits (3)

nomisec WRITEUP

by TimeSHU · poc

https://github.com/TimeSHU/weblogic_CVE-2023-21931_POC-EXP

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by 4ra1n, 14m3ta7k, Grant Willcox · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/iiop/cve_2023_21839_weblogic_rce.rb

View Code ZIP pw:eip

inthewild

poc

https://github.com/mmarch7/weblogic_cve-2023-21931_poc-exp

View on inthewild

References (2)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html

[Patch, Vendor Advisory] https://www.oracle.com/security-alerts/cpuapr2023.html

Scores

CVSS v3 7.5

EPSS 0.8402

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-306

Status published

Products (3)

oracle/weblogic_server 12.2.1.3.0

oracle/weblogic_server 12.2.1.4.0

oracle/weblogic_server 14.1.1.0.0

Published Apr 18, 2023

Tracked Since Feb 18, 2026