264 Oracle WebLogic Server vulnerabilities have been discovered in at least 22 products. The exposed components are Web Server, Authentication, Configuration, Data Access, and Application Server. At least one vendor has a patch available. The vendor information was obtained from the TippingPoint Critical Patch Management Information Base. If you prefer one of the other venues, click one of the links below.

CVE-2021-2022 -21306

The Oracle WebLogic vulnerabilities are categorized into three groups:

Oracle WebLogic Server Vulnerabilities

Oracle WebLogic Server is an application server that allows companies to build and deploy web-based applications. There are 264 vulnerabilities in at least 22 products of the Oracle WebLogic Server product line. A vulnerability is defined as a flaw that affects software design, implementation, or operation. The exposed components are Web Server, Authentication, Configuration, Data Access, and Application Server.
The vulnerabilities were discovered by TippingPoint's OpenVAS Security Toolkit and other tools including the Apache Jakarta Commons Collections (JCC), Apache Struts, Tomcat Gateway Interface (TGI), and others.
If you're interested in learning more about the security of your Oracle WebLogic Server-based applications, visit this page on TippingPoint's website: https://www.tippingpoint.com/advisory/CVE-2022-21306

Web Server

The Web Server component is affected by nine vulnerabilities. These include a stack buffer overflow, a denial of service, and two security flaws that allow attackers to bypass authentication and impersonate other users.

Oracle WebLogic Server vulnerability table (courtesy of TippingPoint)

Critical Vulnerability Management

Timeline

Published on: 01/19/2022 12:15:00 UTC
Last modified on: 01/24/2022 14:07:00 UTC