vulnerability

Oracle WebLogic: CVE-2024-20927 : Critical Patch Update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:C/A:N)	Jan 16, 2024	Feb 2, 2024	Oct 16, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:C/A:N)

Published

Jan 16, 2024

Added

Feb 2, 2024

Modified

Oct 16, 2025

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.6 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).

Solutions

oracle-weblogic-jan-2024-cpu-12_2_1_4_0oracle-weblogic-jan-2024-cpu-14_1_1_0_0

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report