Overview Recently, NSFOCUS CERT detected that Oracle has released a security announcement and fixed two information disclosure vulnerabilities (CVE-2024-21006/CVE-2024-21007) in Oracle WebLogic Server. Due to the defects of T3/IIOP protocol, unauthenticated attackers can send malicious requests through servers affected by T3/IIOP protocol. Access to sensitive information on the target system....
Tag: WebLogic
WebLogic Multiple High-Risk Vulnerabilities Threat Alert
Overview On July 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. Among these vulnerabilities, three severe ones are easy to exploit to affect WebLogic. Users are advised to take measures without delay to protect against the...
WebLogic Multiple Severe Vulnerabilities Threat Alert
Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. Seven of these vulnerabilities are severe and easy to exploit and affect WebLogic. Users are advised to take measures without delay to protect against...
WebLogic Multiple Remote Code Execution Vulnerabilities Threat Alert
Vulnerability Description On January 20, 2021, NSFOCUS detected that Oracle released the January 2021 Critical Patch Update (CPU), which fixed 329 vulnerabilities of varying risk levels. Seven of these vulnerabilities are severe and assigned CVE-2021-1994, CVE-2021-2047, CVE-2021-2064, CVE-2021-2108, CVE-2021-2075, CVE-2019-17195, and CVE-2020-14756. Unauthenticated attackers could exploit these vulnerabilities to execute...
WebLogic Console HTTP Remote Code Execution Vulnerability (CVE-2020-14882) Protection Solution
Overview The Critical Patch Update (CPU) for October 2020 released by Oracle contains a high-risk WebLogic Consoleremote code execution vulnerability (CVE-2020-14882). The vulnerability can be triggered without authentication and has an extensive impact. Unauthenticated attackers might construct special HTTP GET requests to exploit this vulnerability to execute arbitrary code on...
WebLogic High-Risk Vulnerabilities (CVE-2020-14841, CVE-2020-14825, CVE-2020-14859) Threat Alert
Overview On October 21, 2020, Beijing time, Oracle released Critical Patch Update (CPU) for October 2020 that fixes 402 vulnerabilities of different risk levels. The WebLogic Server Core component is prone to three severe vulnerabilities with a CVSS base score of 9.8, which are assigned CVE-2020-14841, CVE-2020-14825, and CVE-2020-14859 respectively....
