vulnerability

Oracle WebLogic: CVE-2017-10123 : Critical Patch Update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Aug 8, 2017	Apr 3, 2018	Sep 13, 2018

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Aug 8, 2017

Added

Apr 3, 2018

Modified

Sep 13, 2018

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Solution

oracle-weblogic-jul-2017-cpu-12_1_3_0_0

References

BID-99650
CVE-2017-10123
https://attackerkb.com/topics/CVE-2017-10123
URL-http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
URL-https://support.oracle.com/rs?type=doc&id=2261562.1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today