CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
17.8%
Oracle WebLogic Server provided by Oracle contains an HTTP header injection vulnerability (CWE-113).
This vulnerability could be exploited by a remote attacker to conduct a cross-site scripting attack, etc., and as a result, the displayed page may be altered or an arbitrary script may be executed on the web browser of the user who is using the product.
Update the software
Update the software to the latest version according to the information provided by the developer.