CVE-2025-50072
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-24
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | weblogic_server | 14.1.1.0.0 |
| oracle | weblogic_server | 14.1.2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Oracle WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0. It allows an unauthenticated attacker who has logon access to the infrastructure where WebLogic Server runs to compromise the server. Specifically, the attacker can perform unauthorized update, insert, or delete operations on some data accessible by Oracle WebLogic Server.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker with access to the infrastructure to modify data within Oracle WebLogic Server without authorization. This could lead to data integrity issues, such as unauthorized changes, insertions, or deletions of data, potentially disrupting applications or services relying on that data.