{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T07:03:52.302","vulnerabilities":[{"cve":{"id":"CVE-2026-21962","sourceIdentifier":"secalert_us@oracle.com","published":"2026-01-20T22:15:59.110","lastModified":"2026-02-03T00:16:10.653","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS).  Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in.  While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as  unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)."},{"lang":"es","value":"Vulnerabilidad en el producto Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in de Oracle Fusion Middleware (componente: Weblogic Server Proxy Plug-in para Servidor HTTP Apache, Weblogic Server Proxy Plug-in para IIS). Las versiones compatibles afectadas son 12.2.1.4.0, 14.1.1.0.0 y 14.1.2.0.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso de red vía HTTP comprometer Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. Aunque la vulnerabilidad está en Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, los ataques pueden impactar significativamente productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de creación, eliminación o modificación de datos críticos o de todos los datos accesibles por Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, así como acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles por Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. Nota: La versión afectada para Weblogic Server Proxy Plug-in para IIS es solo 12.2.1.4.0. Puntuación Base CVSS 3.1 10.0 (impactos en la Confidencialidad e Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.8}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"AD04BEE5-E9A8-4584-A68C-0195CE9C402C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:http_server:14.1.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"24404505-FD69-4844-8253-053776E1CC1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"49A6B4CB-3C5C-446A-902D-3C4824CA24D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5E29C004-51D7-4BBE-B28A-EE6B7B10F89F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:14.1.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6E726C52-A697-4A3B-AA34-F88FF8FE5DEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"A6C22A45-61D1-43D3-A187-993FBA4485F0"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpujan2026.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/Ashwesker/Ashwesker-CVE-2026-21962/issues/1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Not Applicable"]},{"url":"https://web.archive.org/web/20260129165916/https://github.com/Ashwesker/Ashwesker-CVE-2026-21962/issues/1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://x.com/0xacb/status/2015473216844620280","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Not Applicable"]}]}}]}