Critical Vulnerabilities in Oracle WebLogic Server, among 342 vulnerabilities across Oracle's products
The listed vulnerabilities may allow an unauthenticated attacker with network access via T3, Internet Inter-ORB Protocol (IIOP) to compromise a vulnerable server. Successful exploitation can result in a takeover of the server. Oracle has assessed that these vulnerabilities are easily exploitable, need no user interaction, and have a high impact on the entire CIA triad.
Oracle released its quarterly Critical Patch Update for July 2021 last Tuesday, 20 July 2020. This release includes 342 vulnerabilities ranging their entire product range, some of which could be exploited by a remote attcker to take control of an affected system.
Multiple vulnerabilities stand out for the Oracle WebLogic Server because they can exploited remotely without any authentication necessary. Oracle WebLogic Server is an application server that functions as a platform for developing,deploying, and running enterprise Java-base applications. That is whythe CCB highlights these highly critical vulnerabilities for this server as it could compromise many enterprise web applications.
If you have any other products in the list, please patch them, and prioritize patching if the CVSS 3 score is above 7.5!
- The CCB advises administrators of vulnerable Oracle WebLogic Server appliances to follow the advice of Oracle.
- The CCB advises organisations to upscale monitoring and detection capabilities to detect any related suspicious activity to ensure a fast response in case of an intrusion.
- The CCB urges organisations to do periodical check of their infrastructure to detect EOL devices timely and to replace them with supported and secure appliances.