This vulnerability in Oracle WebLogic Server's Console component affects versions 14.1.2.0.0 and 15.1.1.0.0. It permits an unauthenticated attacker with network access over HTTPS to exploit the system, contingent on user interaction by someone other than the attacker. The impact includes complete compromise of the WebLogic Server, with high severity reflected in a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Oracle has published a Critical Security Patch Update advisory that includes patches addressing this and other vulnerabilities. Oracle strongly recommends applying these patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or limiting privileges, though these may affect functionality.

Successful exploitation can result in full takeover of the Oracle WebLogic Server, impacting confidentiality, integrity, and availability of the affected system. The vulnerability is exploitable remotely without authentication but requires user interaction from a third party. This can lead to unauthorized access and control over the server environment.

Oracle has released a Critical Security Patch Update that addresses this vulnerability among others. Customers are strongly advised to apply the June 2026 Critical Security Patch Update without delay to remediate this issue. Until patches are applied, mitigating actions include blocking network protocols required by the attack and removing unnecessary privileges or access to vulnerable packages from users. These mitigations may impact application functionality and should be tested accordingly. Patch status is not explicitly stated in the advisory excerpt, but the presence of the Critical Security Patch Update indicates an official fix is available.