Warning: High Severity Vulnerability in Oracle WebLogic Server
Référence:
Advisory #2023-049
Version:
1.0
Logiciels concernés :
Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
Type:
Unauthorized access to critical data
CVE/CVSS:
CVE-2023-21839 / 7.5
Date:
02/05/2023
Sources
https://www.oracle.com/security-alerts/cpujan2023.html
Risques
The vulnerability has a HIGH impact on Confidentiality. Privileges, authentication, and user interaction are not required to remotely exploit this vulnerability.
Moreover, CVE-2023-21839 has been observed being exploited in the wild.
Description
The vulnerability is easily exploitable and allows an unauthenticated attacker with network access via T3, IIOP to have access to critical data or to access to all Oracle WebLogic Server available data.
Actions recommandées
The Centre for Cyber Security Belgium strongly recommends system administrators to apply the necessary patches.
Références
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2023-21839