Home > Vulnerability Database > CVE-2023-40571

Mend.io Vulnerability Database

CVE-2023-40571

Date: August 25, 2023

weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue.

Language: Java

Severity Score

9.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-40571

Url: https://github.com/dream0x01/weblogic-framework/security/advisories/GHSA-hjwj-4f3q-44h3

Url: https://github.com/dream0x01/weblogic-framework/releases/tag/v0.2.4

Url: https://www.mend.io/vulnerability-database/CVE-2023-40571

Severity Score

9.8

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-40571

Date: August 25, 2023

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?