According to Computerworld, the flaw is in WebLogic's Node Manager software. Oracle admits that if a hacker gains access to the administrator's port, the results could be devastating:
A successful exploitation of this vulnerability may result in a full compromise of the targeted server on Windows. On other platforms (Unix, Linux, etc.), the attacker may gain access to the targeted server with the same privileges as the WebLogic server processes.
The flaw affects WebLogic versions 7 and higher. Oracle recommends that the fix be applied as soon as possible.