Threat Signal ReportOracle WebLogic Server Vulnerability (CVE-2023-21839) added to CISA Known Exploited Vulnerabilities (KEV) Catalog
Description
| What is Oracle WebLogic? |
Oracle WebLogic is an enterprise
application server developed by Oracle. According to 6sense.com , the
application server is used by thousands of companies namely AT&T, NTT
Data, Verizon, etc. |
| What is the attack? | The attack targets
vulnerable Oracle WebLogic Server specifically in Oracle Fusion Middleware. The vulnerability is tracked under CVE-2023-21839 and exploits the flaw that allows unauthorized access to the
vulnerable servers via T3 and IIOP (Oracle proprietary protocol). The affected
versions are: 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
The vulnerability has a CVSS base score of 7.5 and attack complexity is rated "low" in the vendor advisory. |
| Why this is significant? |
On May 1st, 2023, CISA
(Cybersecurity & Infrastructure Security Agency) added the Oracle
WebLogic Server vulnerability (CVE-2023-21839) to their Known Exploited
Vulnerabilities Catalog. Successful exploitation of the vulnerability allows
unauthenticated attacker to compromise vulnerable Oracle WebLogic Server. |
| What is the vendor solution? |
Oracle released a critical patch
last January. |
| What is the FortiGuard Coverage? | Fortinet customers are protected via FortiGuard IPS - refer to the Outbreak Alert for Oracle WebLogic Server Vulnerability for the full FortiGuard coverage details. |
Outbreak Alert
Known exploited vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. This vulnerability allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data on the Oracle WebLogic Server and the confidentiality impact of the vulnerability is rated as "High".
Appendix
Outbreak Alert: Oracle WebLogic Server Vulnerability
Oracle Critical Patch Update Advisory - January 2023 (Oracle)
✖
