Back
CVE-2016-0638
CRITICAL
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Messaging Service.
Published: Apr 21, 2016
Modified: May 6, 2026
NVD-CWE-noinfo
CVSS Metrics
CVSSv3
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products (4)
| Vendor | Product | Version |
|---|---|---|
| oracle | weblogic_server | 10.3.6.0.0 |
| oracle | weblogic_server | 12.1.2.0.0 |
| oracle | weblogic_server | 12.1.3.0.0 |
| oracle | weblogic_server | 12.2.1.0.0 |
References (6)
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Patch, Vendor Advisory
- http://www.securitytracker.com/id/1035615
- https://www.tenable.com/security/research/tra-2016-09
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Patch, Vendor Advisory
- http://www.securitytracker.com/id/1035615
- https://www.tenable.com/security/research/tra-2016-09
Risk Scores
CVSS Score
9.8 / 10
EPSS Score
76.67%
Top 1% most likely to be exploited
Threat Score
72.2 / 100
Data Sources
NVD
EPSS