Lucene search

K
thn
The Hacker NewsTHN:2B49FD6B1FE640C017C0531F850B4C11
HistoryJul 22, 2021 - 8:21 a.m.

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

2021-07-2208:21:00
The Hacker News
thehackernews.com
283

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system.

Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that’s remotely exploitable without authentication. It’s worth noting that the weakness was originally addressed as part of an out-of-band security update in June 2019.

Oracle WebLogic Server is an application server that functions as a platform for developing, deploying, and running enterprise Java-based applications.

The flaw, which is rated 9.8 out of a maximum of 10 on the CVSS severity scale, affects WebLogic Server versions 11.1.2.4 and 11.2.5.0 and exists within the Oracle Hyperion Infrastructure Technology.

Also fixed in WebLogic Server are six other flaws, three of which have been assigned a CVSS score of 9.8 out of 10 —

This is far from the first time critical issues have been discovered in WebLogic Server. Earlier this year, Oracle shipped the April 2021 patch with fixes for two bugs (CVE-2021-2135 and CVE-2021-2136), among others that could be abused to execute arbitrary code.

Oracle customers are advised to move quickly to apply the updates and protect systems against potential exploitation.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Be first who know about 0-days in popular software

Do not waste time on finding information in tons of articles. Subscribe yourself and your colleagues on news and articles about products you need and you use!

Subscribe on news

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Related for THN:2B49FD6B1FE640C017C0531F850B4C11