Oracle WebLogic

Oracle WebLogic Server Remote Code Execution Vulnerability (CVS 2023-21931) Notice

April 21, 2023

Overview Recently, NSFOCUS CERT found that Oracle officially issued a security notice to fix a remote code execution vulnerability in Oracle WebLogic Server (CVE-2023-21931). Due to a flaw in the getObject Instance () method of the WLNamingManager class in WebLogic, in the default configuration, unauthenticated remote attackers can pass in specific objects through T3/IIOP, ultimately […]


Subscribe to the NSFOCUS Blog