Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).

Remediation

References

CVE-2021-1996

Related Vulnerabilities

osCommerce Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-27976)

Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21696)

Oracle JRE CVE-2013-5850 Vulnerability (CVE-2013-5850)

Play Framework Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-12480)

MySQL CVE-2019-2808 Vulnerability (CVE-2019-2808)

Severity

Low

Classification

CVE-2021-1996 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities