How severe is CVE-2024-21175?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-21175?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2024-21175 - HIGH Severity | CVSS 7.5

Vulnerability Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Related Vulnerabilities

CVE-2006-20001

HIGH

CVSS:7.5(High)

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. Th...

CWE-7872006

CVE-2013-5659

HIGH

CVSS:7.5(High)

Wiz 5.0.3 has a user mode write access violation

CWE-7872013

CVE-2015-8619

HIGH

CVSS:7.5(High)

The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).

CWE-7872015

CVE-2015-9542

HIGH

CVSS:7.5(High)

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could s...

CWE-7872015

CVE-2016-0189

HIGH

CVSS:7.5(High)

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of ...

CWE-7872016

CVE-2016-10196

HIGH

CVSS:7.5(High)

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involvin...

CWE-7872016