Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.
  • Residence:
    Dublin
  • County:
    Dublin
  • Country:
    Ireland
Cyber Security Incident Response
Management & Architecture of Cyber Security Teams
Solutions & Coaching
  • Cyber Security Incident Response
  • Management & Architecture of Cyber Security Teams
  • Solutions
  • Training & Coaching

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

July 23, 2021

Oracle on Tuesday launched its quarterly Critical Patch Update for July 2021 with 342 fixes spanning throughout a number of merchandise, a few of which might be exploited by a distant attacker to take management of an affected system.

Chief amongst them is CVE-2019-2729, a crucial deserialization vulnerability by way of XMLDecoder in Oracle WebLogic Server Net Companies that is remotely exploitable with out authentication. It is value noting that the weak spot was initially addressed as a part of an out-of-band security update in June 2019.

Stack Overflow Teams

Oracle WebLogic Server is an software server that capabilities as a platform for creating, deploying, and operating enterprise Java-based functions.

The flaw, which is rated 9.8 out of a most of 10 on the CVSS severity scale, impacts WebLogic Server variations 11.1.2.4 and 11.2.5.0 and exists inside the Oracle Hyperion Infrastructure Know-how.

Additionally mounted in WebLogic Server are six different flaws, three of which have been assigned a CVSS rating of 9.8 out of 10 —

That is removed from the primary time crucial points have been found in WebLogic Server. Earlier this 12 months, Oracle shipped the April 2021 patch with fixes for 2 bugs (CVE-2021-2135 and CVE-2021-2136), amongst others that might be abused to execute arbitrary code.

Oracle clients are suggested to maneuver shortly to use the updates and shield programs towards potential exploitation.

Posted in SecurityTags:
Write a comment