📦 WebLogic Server
by Oracle
⚠️ Known Vulnerabilities
CVE-2025-21535 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to remotely execute arbitrary code and completely compromise affected servers. The vulnerabil...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to fully compromise the server, leading to complete takeover. It affects WebL...
This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to completely compromise the server. Affected versions are 12.2.1.4....
This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to completely compromise the server. Affected versions are 12.2.1.4....
This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to completely compromise the server. It affects WebLogic Server vers...
This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to completely compromise the server. It affects WebLogic Server 12.2...
CVE-2022-21306 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated attackers with network access via the T3 protocol to completely compromise the server. This affects Web...
CVE-2022-23305 is an SQL injection vulnerability in Log4j 1.2.x's JDBCAppender that allows attackers to execute arbitrary SQL queries by injecting malicious strings into application inputs that get lo...
This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via IIOP to completely compromise the server. Affected versions include 12.1.3.0.0, 12.2.1.3....
CVE-2021-2108 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated remote attackers to execute arbitrary code and completely compromise affected servers. The vulnerability...
This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers to remotely execute arbitrary code and completely compromise affected servers. It affects multiple supported vers...
CVE-2021-2064 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated remote attackers to execute arbitrary code and completely compromise affected servers. This affects WebL...
This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via IIOP or T3 protocols to completely compromise the server. Affected versions include 10.3....
An unauthenticated remote code execution vulnerability in Oracle WebLogic Server's Web Services component allows attackers to completely compromise affected servers via HTTP. This affects WebLogic Ser...
CVE-2020-14750 is a critical remote code execution vulnerability in Oracle WebLogic Server's Administration Console. Unauthenticated attackers can exploit this via HTTP to completely compromise affect...
CVE-2020-14882 is a critical remote code execution vulnerability in Oracle WebLogic Server's Administration Console. Unauthenticated attackers can exploit this via HTTP to completely compromise affect...
CVE-2020-14859 is a critical remote code execution vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to completely compromise affected servers via IIOP or T3 protocols. Thi...
CVE-2020-14841 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to remotely execute arbitrary code via the IIOP protocol. This affects multiple supported ver...
CVE-2020-14825 is a critical remote code execution vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to completely compromise affected servers via IIOP or T3 protocols. Thi...
An unauthenticated remote attacker can exploit this vulnerability in Oracle WebLogic Server via HTTP/2 to cause a denial of service, resulting in server crashes or hangs. This affects Oracle WebLogic ...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. It affects WebLogic Server versions 12.2.1.4.0, 14....
This vulnerability allows unauthenticated attackers to cause a denial of service (DoS) on Oracle WebLogic Server 14.1.1.0.0 by sending specially crafted HTTP/2 requests. The attack can crash or hang t...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers to cause denial of service by crashing or hanging the server via HTTP requests. It affects WebLogic Server versions 12.2.1...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. It affects WebLogic Server versions 12.2.1.4.0 and ...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. It affects WebLogic Server versions 12.2.1.4.0 and ...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via HTTP to compromise the server's integrity. Attackers can create, delete, or modify critical data a...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. It affects WebLogic Server versions 12.2.1.4.0 and ...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via HTTP to compromise the server. It enables unauthorized creation, deletion, or modification of crit...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. It affects WebLogic Server versions 12.2.1.4.0 and ...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. It affects WebLogic Server versions 12.2.1.4.0 and ...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers to cause a denial of service (DoS) by crashing or hanging the server via HTTP requests. It affects WebLogic Server version...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via the T3 protocol to gain unauthorized access to sensitive data. It affects WebLogic Server versions...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via the T3 protocol to cause a denial of service by crashing or hanging the server. It affects WebLogi...
CVE-2022-21441 is a denial-of-service vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to crash the server via T3/IIOP network protocols. Affected versions include 12.2.1....
CVE-2020-36518 is a denial-of-service vulnerability in Jackson Databind where processing deeply nested JSON objects causes a Java StackOverflowError, crashing the application. This affects any Java ap...
CVE-2022-21371 is a local file inclusion vulnerability in Oracle WebLogic Server's web container that allows unauthenticated attackers with network access via HTTP to read arbitrary files on the serve...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via HTTP to access sensitive data. It affects WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, spec...
CVE-2021-4104 is a deserialization vulnerability in Log4j 1.2's JMSAppender that allows remote code execution when attackers can modify Log4j configuration files. This affects systems running Log4j 1....
This vulnerability in Oracle Database's Advanced Networking Option allows attackers to bypass network encryption protections and potentially compromise the component. It affects Oracle Database Server...
This OpenSSL vulnerability allows certificate chain validation to be bypassed when the X509_V_FLAG_X509_STRICT flag is explicitly set. It affects applications using OpenSSL 1.1.1h-1.1.1j that enable s...
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via HTTP to compromise the server. It requires human interaction from someone other than the attacker ...
This vulnerability in Oracle WebLogic Server allows authenticated high-privileged attackers to modify or read limited data through HTTP requests requiring user interaction. It affects WebLogic Server ...
This vulnerability in Oracle WebLogic Server allows authenticated attackers with low privileges to cause a denial of service (DoS) by crashing or hanging the server via HTTP requests. It affects WebLo...
This vulnerability in Google Guava's createTempDir() method creates temporary directories with world-readable permissions on Unix-like systems, allowing any user on the same machine to potentially rea...