Vulnerability identifier: #VU59704

Vulnerability risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-21371

CWE-ID: CWE-22

Exploitation vector: Network

Exploits in database: 2

• May 13, 2022
  • Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion [Exploit-DB]
• January 25, 2022
  • CVE-2022-21371 (Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion) [Github]

Impact: Information disclosure

Vulnerable software:
Oracle WebLogic Server
Server applications / Application servers

Vendor: Oracle