Warning: High Severity Vulnerability in Oracle WebLogic Server

Reference: Advisory #2023-049
Version: 1.0
Affected software: Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
Type: Unauthorized access to critical data
CVE/CVSS: CVE-2023-21839 / 7.5

Sources

https://www.oracle.com/security-alerts/cpujan2023.html

Risks

The vulnerability has a HIGH impact on Confidentiality. Privileges, authentication, and user interaction are not required to remotely exploit this vulnerability.

Moreover, CVE-2023-21839 has been observed being exploited in the wild.

Description

The vulnerability is easily exploitable and allows an unauthenticated attacker with network access via T3 or IIOP to access critical data or all data available to Oracle WebLogic Server.

Recommended actions

The Centre for Cyber Security Belgium strongly recommends that system administrators apply the necessary patches.

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2023-21839