Oracle WebLogic - Local File Inclusion (CVE-2022-21371)
- Severity
- CVSSv3 Score
- 7.5
- Vulnerability description
Oracle WebLogic is affected by a Local File Inclusion vulnerability in the Console component, located in the /WEB-INF/weblogic.xml, //WEB-INF/web.xml, /META-INF/FEST.MF and /WEB-INF/portlet.xml endpoints. This allows attackers to read sensitive information from the target system by sending a specially crafted HTTP GET request to the vulnerable endpoint.
- Risk description
A remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.
- Recommendation
Upgrade Oracle WebLogic to the latest version.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- No
- Vuln date
- Jan 2022
- Published at
- Updated at
- Software Type
- Web server
- Vendor
- Oracle
- Product
- WebLogic