Oracle WebLogic UDDI Explorer Detected

low Web Application Scanning Plugin ID 112421

Synopsis

Oracle WebLogic UDDI Explorer Detected

Description

Oracle WebLogic UDDI Explorer allows authorized users to access and modify information about the web services published in the private WebLogic Server UDDI registries.

The scanner has been able to detect that this service is exposed on the target web application and could be leveraged by an attacker to help conduct further attacks.

Solution

Restrict or disable access to the UDDI Explorer.

See Also

https://support.oracle.com/knowledge/Middleware/1274906_1.html

Plugin Details

Severity: Low

ID: 112421

Type: remote

Published: 5/27/2020

Updated: 9/7/2021

Scan Template: api, scan, pci

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*

Reference Information