
Oracle WebLogic - Local File Inclusion (CVE-2022-21371)

Severity (CVSSv3 score): 7.5
Vulnerability description

Oracle WebLogic is affected by a Local File Inclusion vulnerability in the Console component, exposed through the /WEB-INF/weblogic.xml, //WEB-INF/web.xml, /META-INF/FEST.MF and /WEB-INF/portlet.xml endpoints. An attacker can read sensitive information from the target system by sending a specially crafted HTTP GET request to the vulnerable endpoint.

Risk description

A remote, unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files on the server's file system.

Recommendation

Upgrade Oracle WebLogic to the latest version.

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: No
Vuln date: Jan 2022
Published at:
Updated at:
Software Type: Web server
Vendor: Oracle
Product: WebLogic