CVE-2024-21260

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 15, 2024

Summary

CVE-2024-21260 is a vulnerability in Oracle WebLogic Server, a product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.1.0.0. The flaw allows an unauthenticated attacker with network access via the T3 or IIOP protocols to cause a denial of service (DoS) by crashing or hanging the server. Its CVSS 3.1 score of 7.5 (high) reflects the significant availability impact. The attack requires no privileges or user interaction, which makes it particularly concerning for systems exposed on the network. Organizations are advised to apply the available updates and patches from Oracle to mitigate this risk. For further details, refer to Oracle's security alerts page.
