Synced 19 Jun 2026 07:34 UTC Account
← All products

CVE-2016-3551

CRITICAL severity · CVSS 9.8
9.8CVSS CRITICAL

Summary

Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXWS Web Services Stack.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)5%

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (1)

Oracle WebLogic

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html ↗

Additional information