17 matches found
CVE-2023-21839
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware...
Oracle WebLogic Server OS Command Injection Flaw Under Active Attack
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 CVSS score: 7.4, the issue concerns an operati...
Decoding Water Sigbin's Latest Obfuscation Tricks
Water Sigbin aka the 8220 Gang exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against...
Exploit for Cross-site Scripting in Helpsystems Cobalt_Strike
Gui-poc-test A testing tool for CobaltStrike-RCE:CVE-2022-3919...
Oracle Weblogic PreAuth Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Taken from page 24 of https://docs.oracle.com/cd/E1321101/wle/wle42/corba/giop.pdf NOEXCEPTION = 0 USEREXCEPTION = 1 SYSTEMEXCEPTION = 2...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
CVE-2023-21839-metasploit-scanner Usage git clone https://...
Oracle WebLogic Server vulnerability added to CISA list as “known to be exploited”
On May 1, 2023 the Cybersecurity and Infrastructure Security Agency CISA added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies are obliged to remediate the...
Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three flaws to the Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389 CVSS score: 8.8 - TP-Link Archer AX-21 Command Injection...
VulnCheck KEV: CVE-2023-21839
Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
CVE-2023-21839 Due to special requirements, the GO version of...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
WebLogic-CVE-2023-21839 CVE-2023-21839 is a vulnerability cre...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
WebLogic-CVE-2023-21839 CVE-2023-21839 is a vulnerability cre...
CVE-2023-21839
creationtimestamp| type| source ---|---|--- 2023-01-29 15:43:57+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/3716 2023-02-22 06:20:02+00:00| published-proof-of-concept| Telegram/rtIvSzNDcGJDjAmNbpFbRjMYLO0j4LkJOjAcfYVbCa7YVw 2023-02-22 08:16:14+00:00| published-proof-of-concept|...
CVE-2023-21839
...
CVE-2023-21839
CVE-2023-21839 affects Oracle WebLogic Server (core) versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. It is exploitable via unauthenticated network access over T3/IIOP and relates to post-deserialization of a ForeignOpaqueReference object, enabling remote code execution as the oracle user. Multip...
CVE-2023-21839
...