Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Diagnostics). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Remediation

References

CVE-2021-35552

Related Vulnerabilities

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43941)

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-14831)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36099)

WordPress Plugin WordPress Contact Forms by Cimatti Cross-Site Scripting (1.4.11)

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-9490)

Severity

Medium

Classification

CVE-2021-35552 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities