Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-21839

CVSS 7.5 · High KEV EPSS 94.11% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-21839

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Oracle WebLogic Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Oracle WebLogic Server是美国甲骨文(Oracle)公司的一款适用于云环境和传统环境的应用服务中间件,它提供了一个现代轻型开发平台,支持应用从开发到生产的整个生命周期管理,并简化了应用的部署和管理。 Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0 和 14.1.1.0.0存在安全漏洞,攻击者可利用该漏洞导致对关键数据的未授权访问或对所有 Oracle WebLogic Server 可访问数据的完全访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
Oracle CorporationWebLogic Server 12.2.1.3.0 -

II. Public POCs for CVE-2023-21839

#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/DXask88MA/Weblogic-CVE-2023-21839POC Details
2Weblogic CVE-2023-21839 RCE (无需Java依赖一键RCE)https://github.com/ASkyeye/CVE-2023-21839POC Details
3CVE-2023-21839工具https://github.com/Firebasky/CVE-2023-21839POC Details
4CVE-2023-21839 Python版本https://github.com/houqe/POC_CVE-2023-21839POC Details
5Nonehttps://github.com/kw3h4/CVE-2023-21839-metasploit-scannerPOC Details
6Nonehttps://github.com/MMarch7/weblogic_CVE-2023-21839_POC-EXPPOC Details
7CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839https://github.com/dinosn/CVE-2024-20931POC Details
8Weblogic CVE-2023-21839 RCE (无需Java依赖一键RCE)https://github.com/outgoingcon/CVE-2023-21839POC Details
9Weblogic CVE-2023-21839 RCE (无需Java依赖一键RCE)https://github.com/thishistorian/CVE-2023-21839POC Details
10Weblogic CVE-2023-21839 RCE (无需Java依赖一键RCE)https://github.com/juniorinter/CVE-2023-21839POC Details
11Weblogic CVE-2023-21839 RCE (无需Java依赖一键RCE)https://github.com/lovingpot/CVE-2023-21839POC Details
12Weblogic CVE-2023-21839 RCE (无需Java依赖一键RCE)https://github.com/illegalbrea/CVE-2023-21839POC Details
13Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Weblogic%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-21839.mdPOC Details
14https://github.com/vulhub/vulhub/blob/master/weblogic/CVE-2023-21839/README.mdPOC Details
15Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2023/CVE-2023-21839.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-21839

登录查看更多情报信息。

Same Patch Batch · Oracle Corporation · 2023-01-17 · 73 CVEs total

CVE-2023-218909.8 CRITICALOracle Communications Converged Application Server 安全漏洞
CVE-2023-218468.8 HIGHOracle BI Publisher 安全漏洞
CVE-2023-218488.8 HIGHOracle Communications Applications 安全漏洞
CVE-2023-218328.8 HIGHOracle BI Publisher安全漏洞
CVE-2023-218868.1 HIGHOracle VM VirtualBox 安全漏洞
CVE-2023-218288.1 HIGHOracle Hospitality Reporting and Analytics 安全漏洞
CVE-2023-218628.1 HIGHOracle Web Services Manager 安全漏洞
CVE-2023-218267.6 HIGHOracle Hospitality Reporting and Analytics 安全漏洞
CVE-2023-218937.5 HIGHOracle Database Server 安全漏洞
CVE-2023-218427.5 HIGHOracle WebLogic Server 安全漏洞
CVE-2023-218507.5 HIGHOracle E-Business Suite 安全漏洞
CVE-2023-218497.5 HIGHOracle E-Business Suite 安全漏洞
CVE-2023-218537.5 HIGHOracle E-Business Suite 安全漏洞
CVE-2023-218527.5 HIGHOracle E-Business Suite 安全漏洞
CVE-2023-218587.5 HIGHOracle E-Business Suite 安全漏洞
CVE-2023-218517.5 HIGHOracle E-Business Suite 安全漏洞
CVE-2023-218547.5 HIGHOracle E-Business Suite 安全漏洞
CVE-2023-218557.5 HIGHOracle E-Business Suite 安全漏洞
CVE-2023-218567.5 HIGHOracle E-Business Suite 安全漏洞
CVE-2023-218577.5 HIGHOracle E-Business Suite 安全漏洞

Showing top 20 of 73 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: WebLogic Server
Same vendor: Oracle Corporation

V. Comments for CVE-2023-21839

No comments yet

Leave a comment