Critical Vulnerabilities in Oracle WebLogic Server, among 342 vulnerabilities across Oracle's products

Published: 22/07/2021

Reference:
Advisory #2021-014

Version:
1.0

Affected software:
Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0

Type:
Remote Code Execution

CVE/CVSS:
CVE-2021-2394
CVE-2021-2397
CVE-2021-2382
CVSS3 score 9.8

Sources

https://www.oracle.com/security-alerts/cpujul2021.html

Risks

The listed vulnerabilities may allow an unauthenticated attacker with network access via T3 or Internet Inter-ORB Protocol (IIOP) to compromise a vulnerable server. Successful exploitation can result in a takeover of the server. Oracle has assessed that these vulnerabilities are easily exploitable, need no user interaction, and have a high impact on the entire CIA triad (confidentiality, integrity and availability).

Description

Oracle released its quarterly Critical Patch Update for July 2021 last Tuesday, 20 July 2020. This release includes 342 vulnerabilities spanning their entire product range, some of which could be exploited by a remote attacker to take control of an affected system.

Multiple vulnerabilities stand out for the Oracle WebLogic Server because they can be exploited remotely without any authentication. Oracle WebLogic Server is an application server that functions as a platform for developing, deploying, and running enterprise Java-based applications. That is why the CCB highlights these highly critical vulnerabilities for this server: exploitation could compromise many enterprise web applications.

If you have any other products in the list, please patch them, and prioritize patching if the CVSS 3 score is above 7.5!

Recommended Actions

Administrators and users of affected product versions are advised to apply the latest security updates immediately.
 
General Advice
  • The CCB advises administrators of vulnerable Oracle WebLogic Server appliances to follow the advice of Oracle.
  • The CCB advises organisations to upscale monitoring and detection capabilities to detect any related suspicious activity to ensure a fast response in case of an intrusion.
  • The CCB urges organisations to perform periodic checks of their infrastructure to detect end-of-life (EOL) devices in time and to replace them with supported and secure appliances.
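To support the inventory and monitoring advice above, the following added example (not code from the advisory or from Oracle) triages which of your own WebLogic listeners announce a T3 service and an affected base release. It assumes the standard T3 greeting/HELO exchange on the default port 7001, and uses a constructed sample reply so it runs offline; a version match only means the base release is in the affected list, not that the July 2021 patch is missing, so confirm the patch level in the OPatch inventory.

```python
import re
import socket

# Base releases named as affected in this advisory (Oracle CPU July 2021).
AFFECTED_VERSIONS = {"10.3.6.0.0", "12.1.3.0.0", "12.2.1.3.0", "12.2.1.4.0", "14.1.1.0.0"}

# T3 client greeting (assumed standard handshake); a T3 listener replies
# with a line of the form "HELO:<version>.<flag>" followed by AS:/HL: fields.
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\n\n"

HELO_RE = re.compile(rb"^HELO:(\d+(?:\.\d+)+)\.(true|false)", re.MULTILINE)


def parse_t3_helo(response: bytes):
    """Return the WebLogic version announced in a T3 HELO reply, or None
    when the reply is not a T3 greeting (e.g. an HTTP error or silence)."""
    m = HELO_RE.search(response)
    return m.group(1).decode() if m else None


def is_affected(version: str) -> bool:
    """True when the announced base release is in the advisory's list."""
    return version in AFFECTED_VERSIONS


def triage(response: bytes) -> dict:
    """Classify one reply: is T3 exposed, which version, is it in scope."""
    version = parse_t3_helo(response)
    return {
        "t3_exposed": version is not None,
        "version": version,
        "affected": bool(version and is_affected(version)),
    }


def probe_t3(host: str, port: int = 7001, timeout: float = 5.0) -> dict:
    """Network variant for your own hosts: send the greeting, triage the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(T3_HELLO)
        return triage(s.recv(1024))


# Constructed sample reply, shaped like a WebLogic 12.2.1.4.0 T3 listener's answer.
SAMPLE_REPLY = b"HELO:12.2.1.4.0.false\nAS:2048\nHL:19\n\n"

if __name__ == "__main__":
    print(triage(SAMPLE_REPLY))  # {'t3_exposed': True, 'version': '12.2.1.4.0', 'affected': True}
```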

References

CVE-2021-2394
CVE-2021-2397
CVE-2021-2382