Warning: High Severity Vulnerability in Oracle WebLogic Server
Reference:
Advisory #2023-049
Version:
1.0
Affected software:
Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
Type:
Unauthorized access to critical data
CVE/CVSS:
CVE-2023-21839 / 7.5
Date:
02/05/2023
Sources
https://www.oracle.com/security-alerts/cpujan2023.html
Risks
The vulnerability has a HIGH impact on Confidentiality. Privileges, authentication, and user interaction are not required to remotely exploit this vulnerability.
Moreover, CVE-2023-21839 has been observed being exploited in the wild.
Description
The vulnerability is easily exploitable and allows an unauthenticated attacker with network access via T3, IIOP to have access to critical data or to access to all Oracle WebLogic Server available data.
Recommended Actions
The Centre for Cyber Security Belgium strongly recommends system administrators to apply the necessary patches.
References
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2023-21839