• Language chooser
    • USA (English)
    • France (Français)

Oracle WebLogic Server Vulnerability

Released: May 05, 2023

Updated: May 08, 2023


High Severity

Oracle Vendor

Vulnerability Type


Attackers target vulnerable WebLogic servers.

Known exploited vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. This vulnerability allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data on the Oracle WebLogic Server and the confidentiality impact of the vulnerability is rated as "High". Learn More »

Common Vulnerabilities and Exposures

CVE-2023-21839

Background

Oracle WebLogic Server is a unified and extensible platform for developing, deploying and running enterprise applications, such as Java, for on-premises and in the cloud. The affected versions of Oracle WebLogic server include 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


January, 2023: Oracle released a critical patch update advisory https://www.oracle.com/security-alerts/cpujan2023.html


May 1, 2023: CISA added CVE-2023-21839 in CISA's Known Exploited Vulnerabilities Catalog (KEV). May 2, 2023: FortiGuards Labs released a Threat Signal on the vulnerability https://www.fortiguard.com/threat-signal-report/5154 FortiGuard Labs has released an IPS signature to detect and block attack attempts targeting vulnerable Oracle WebLogic Server and also recommends organizations to review and patch affected versions as recommended in the vendor advisory.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • IPS

DETECT
RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.


Loading ...

Indicators of compromise Indicators of compromise
IOC Threat Activity

Last 30 days

Chg

Avg 0

References

Sources of information in support and relation to this Outbreak and vendor.