www.belgium.be Logo of the federal government

Warning: High Severity Vulnerability in Oracle WebLogic Server

Reference: 
Advisory #2023-049
Version: 
1.0
Affected software: 
Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
Type: 
Unauthorized access to critical data
CVE/CVSS: 

CVE-2023-21839 / 7.5

Sources

https://www.oracle.com/security-alerts/cpujan2023.html

Risks

The vulnerability has a HIGH impact on Confidentiality. Privileges, authentication, and user interaction are not required to remotely exploit this vulnerability.

Moreover, CVE-2023-21839 has been observed being exploited in the wild.

Description

The vulnerability is easily exploitable and allows an unauthenticated attacker with network access via T3, IIOP to have access to critical data or to access to all Oracle WebLogic Server available data.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends system administrators to apply the necessary patches.

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2023-21839