{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T02:21:48.554","vulnerabilities":[{"cve":{"id":"CVE-2024-20927","sourceIdentifier":"secalert_us@oracle.com","published":"2024-02-17T02:15:47.420","lastModified":"2025-03-18T16:15:20.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are 12.2.1.4.0 and  14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.  While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.6 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)."},{"lang":"es","value":"Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles que se ven afectadas son 12.2.1.4.0 y 14.1.1.0.0. Una vulnerabilidad fácilmente explotable permite que un atacante no autenticado con acceso a la red a través de HTTP comprometa Oracle WebLogic Server. Si bien la vulnerabilidad está en Oracle WebLogic Server, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en la creación, eliminación o modificación no autorizada del acceso a datos críticos o a todos los datos accesibles de Oracle WebLogic Server. CVSS 3.1 Puntaje base 8.6 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"04BCDC24-4A21-473C-8733-0D9CFB38A752"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpujan2024.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2024.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}