Threat Signal ReportOracle WebLogic Server Vulnerability added to CISA Known Exploited Vulnerabilities (KEV) Catalog
| What is Oracle WebLogic? |
Oracle WebLogic is an enterprise
application server developed by Oracle. According to 6sense.com , the
application server is used by thousands of companies namely AT&T, NTT
Data, Verizon, etc. |
| What is the attack? | The attack targets
vulnerable Oracle WebLogic Server specifically in Oracle Fusion Middleware. The vulnerability is tracked under CVE-2023-21839 and exploits the flaw that allows unauthorized access to the
vulnerable servers via T3 and IIOP (Oracle proprietary protocol). The affected
versions are: 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
The vulnerability has a CVSS base score of 7.5 and attack complexity is rated "low" in the vendor advisory. |
| Why this is significant? |
On May 1st, 2023, CISA
(Cybersecurity & Infrastructure Security Agency) added the Oracle
WebLogic Server vulnerability (CVE-2023-21839) to their Known Exploited
Vulnerabilities Catalog. Successful exploitation of the vulnerability allows
unauthenticated attacker to compromise vulnerable Oracle WebLogic Server. |
| What is the vendor solution? |
Oracle released a critical patch
last January. |
| What is the FortiGuard Coverage? | Fortinet customers are protected via FortiGuard IPS - refer to the Outbreak Alert for Oracle WebLogic Server Vulnerability for the full FortiGuard coverage details. |
Outbreak Alert
Known exploited vulnerabilities in the Oracle WebLogic Server. The vulnerabilities allows an unauthenticated attacker with network to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data on the Oracle WebLogic Server and attacker may further use it deploy malware such as cryptocurrency miners.
Additional Resources
Outbreak Alert: Oracle WebLogic Server Vulnerability
Oracle Critical Patch Update Advisory - January 2023 (Oracle)
✖
