Initiativen für
Als nationale Behörde für Cybersicherheit hat das ZCB mehrere Initiativen für bestimmte Zielgruppen entwickelt, die hier vorgestellt werden.
Warning: Multiple Vulnerabilities in Oracle Products, Patch Immediately!
Image
Veröffentlicht : 21/01/2026
* Last update: 21/01/2026
* Affected products:
→ Oracle Products* Type: Multiple
* CVE/CVSS:
- CVE-2026-21962: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)
- CVE-2026-21969: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
Oracle - https://www.oracle.com/security-alerts/cpujan2026.html
Risks
Oracle released the January Critical Patch Update, a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. This update contains 337 new security patches across all the product families. Please refer to the Oracle document to see which of your products are affected.
Description
We have selected some vulnerabilities to highlight for their severity and potential impact.
CVE-2026-21962 - Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
CVE-2026-21962 is an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in.
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data.
CVE-2026-21969 - Oracle Agile Product Lifecycle Management for Process
CVE-2026-21969 is an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in takeover of Oracle Agile Product Lifecycle Management for Process.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
NIST NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-21962
NIST NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-21969