Detections
Analytics

Oracle WebLogic UDDI Explorer Detected

medium Web App Scanning Plugin ID 112421

Language:

Synopsis

Oracle WebLogic UDDI Explorer Detected

Description

Oracle WebLogic UDDI Explorer allows authorized users to access and modify information about the web services published in the private WebLogic Server UDDI registries.

The scanner has been able to detect that this service is exposed on the target web application and could be leveraged by an attacker to help conduct further attacks.

Solution

Restrict or disable access to the UDDI Explorer.

See Also

https://support.oracle.com/knowledge/Middleware/1274906_1.html

Plugin Details

Severity: Medium

ID: 112421

Type: remote

Published: 5/27/2020

Updated: 9/7/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*

Reference Information