Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).
References
| Link | Resource |
|---|---|
| https://www.oracle.com/security-alerts/cpujan2021.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Jan 2021, 18:33
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 2.4 |
| CWE | NVD-CWE-noinfo | |
| CPE | cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Vendor Advisory |
20 Jan 2021, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-01-20 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-1996
Mitre link : CVE-2021-1996
CVE.ORG link : CVE-2021-1996
JSON object : View
Products Affected
oracle
- siebel_ui_framework
- hyperion_infrastructure_technology
- weblogic_server
- agile_engineering_data_management
CWE