Oracle WebLogic - Local File Inclusion (CVE-2022-21371)
- CVSSv3 Score
- Vulnerability description
Oracle WebLogic is affected by a Local File Inclusion vulnerability in the Console component, located in the /WEB-INF/portlet.xml endpoints. This allows attackers to read sensitive information from the target system by sending a specially crafted HTTP GET request to the vulnerable endpoint.
- Risk description
A remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.
Upgrade Oracle WebLogic to the latest version.
- Not available
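
As an added example (not part of the original advisory and not Oracle's code), the script below scans web access logs for requests that reach the WEB-INF directory named in the description and separates responses that were served from attempts that were rejected. The Common Log Format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample in Common Log Format; addresses and paths are illustrative.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2022:09:14:02 +0000] "GET /console/index.jsp HTTP/1.1" 200 3120
203.0.113.7 - - [10/Feb/2022:09:14:05 +0000] "GET /console/WEB-INF/portlet.xml HTTP/1.1" 200 8841
198.51.100.23 - - [10/Feb/2022:09:20:41 +0000] "GET /console/web-inf%2Fportlet.xml HTTP/1.1" 404 1164
198.51.100.23 - - [10/Feb/2022:09:21:10 +0000] "GET /console/css/webinf.css HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
# Directories a servlet container must never serve directly to clients.
PROTECTED = {"web-inf", "meta-inf"}


def path_segments(target):
    """Return lower-cased path segments after decoding and stripping parameters."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):  # undo nested percent-encoding, bounded to three passes
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    segments = (s.split(";", 1)[0].lower() for s in re.split(r"[/\\]+", path))
    return [s for s in segments if s]


def scan(log_text):
    """Return (client, method, target, status, verdict) for protected-path requests."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the assumed format
        client, method, target, status = match.groups()
        if PROTECTED.intersection(path_segments(target)):
            # A 2xx answer means the file content was returned to the client.
            verdict = "served" if status.startswith("2") else "attempt"
            findings.append((client, method, target, int(status), verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "served" verdict on an unpatched host indicates that file contents left the server and should be treated as a disclosure to investigate, while "attempt" entries show probing that was rejected.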