PatchSiren cyber security CVE debrief

CVE-2017-3248 Oracle CVE debrief

CVE-2017-3248 is a critical Oracle WebLogic Server vulnerability in the Core Components subcomponent. Oracle and NVD describe it as easily exploitable by an unauthenticated attacker with network access via T3, with successful exploitation resulting in takeover of the WebLogic Server. The CVSS v3.0 base score is 9.8, reflecting high confidentiality, integrity, and availability impact.

Vendor: Oracle
Product: CVE-2017-3248
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Organizations running Oracle WebLogic Server, especially the affected supported versions listed by NVD: 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1. Security teams should treat any exposed WebLogic instance as high priority, particularly if it is reachable over T3.

Technical summary

The NVD record identifies the weakness as an unauthenticated network-accessible issue in Oracle WebLogic Server Core Components, reachable via T3. The affected CPEs are Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0. NVD assigns CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and lists the weakness category as NVD-CWE-noinfo.

Defensive priority

Critical. This is a pre-authentication, network-reachable issue with full compromise impact, so remediation should be immediate for any exposed or production WebLogic Server instance.

Recommended defensive actions

  • Apply Oracle's January 2017 CPU/security update referenced in the vendor advisory for affected WebLogic Server versions.
  • Inventory WebLogic Server deployments to confirm whether any instance matches the affected versions listed by NVD.
  • Restrict or filter network access to WebLogic T3 services to only trusted administrative paths where possible.
  • Prioritize remediation on internet-facing or externally reachable WebLogic Server systems.
  • Review monitoring and logs for unexpected WebLogic access or signs of server compromise around the exposure window.
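As an added illustration of the T3 restriction above (not part of the original debrief or of Oracle's software), the following Python script parses a constructed WebLogic connection-filter rule set in the format accepted by weblogic.security.net.ConnectionFilterImpl and evaluates sample connection attempts against it. The 10.20.0.0/16 administrative subnet and the evaluation logic are assumptions made here to show first-match semantics; verify the actual behaviour against your WebLogic version's documentation.

```python
import ipaddress

# Constructed rule set in the format WebLogic's ConnectionFilterImpl accepts:
#   targetAddress localAddress localPort action protocols...
# 10.20.0.0/16 is an ASSUMED administrative subnet, not a value from the advisory.
# Only T3/T3S is filtered here; HTTP(S) is left to other controls.
CONNECTION_FILTER_RULES = """
10.20.0.0/16 * * allow t3 t3s
0.0.0.0/0    * * deny  t3 t3s
"""

def parse_rules(text):
    """Turn the rule text into (network, local_addr, local_port, action, protocols) tuples."""
    rules = []
    for line in text.strip().splitlines():
        target, local_addr, local_port, action, *protocols = line.split()
        network = None if target == "*" else ipaddress.ip_network(target, strict=False)
        rules.append((network, local_addr, local_port, action.lower(), {p.lower() for p in protocols}))
    return rules

def evaluate(rules, remote_ip, local_addr, local_port, protocol):
    """First matching rule wins; with no match the connection is allowed
    (assumed here to mirror the filter's default-accept behaviour)."""
    ip = ipaddress.ip_address(remote_ip)
    for network, la, lp, action, protos in rules:
        if network is not None and ip not in network:
            continue
        if la != "*" and la != local_addr:
            continue
        if lp != "*" and int(lp) != local_port:
            continue
        if protos and protocol.lower() not in protos:  # empty set means every protocol
            continue
        return action
    return "allow"

def audit(rules, local_addr, attempts):
    """Return {(remote_ip, protocol): decision} for constructed (ip, port, protocol) attempts."""
    return {(ip, proto): evaluate(rules, ip, local_addr, port, proto) for ip, port, proto in attempts}

if __name__ == "__main__":
    rules = parse_rules(CONNECTION_FILTER_RULES)
    # Constructed attempts: an admin-subnet host, an external host over T3, and external HTTPS.
    attempts = [("10.20.5.7", 7001, "t3"), ("203.0.113.9", 7001, "t3"), ("203.0.113.9", 7001, "https")]
    for key, decision in audit(rules, "10.20.1.10", attempts).items():
        print(key, decision)
```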

Evidence notes

This debrief is based on the NVD record for CVE-2017-3248, which was published on 2017-01-27 and later modified on 2026-05-13. The NVD record names Oracle WebLogic Server Core Components as the affected component, lists the vulnerable versions, and provides the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. NVD also links Oracle's CPU January 2017 advisory as the vendor reference.

Official resources

Publicly disclosed in January 2017; the CVE record was published on 2017-01-27. Timing context should be read from the CVE and NVD publication dates, not the later modification date.