Critical Remotely Exploitable Oracle Weblogic Server Vulnerabilities
When it comes to developing enterprise-level web applications Oracle’s Weblogic Server is an industry-leading application server for developing business applications. This Weblogic Server uses Java Enterprise Edition standards for web app development. You can simply think of Oracle Weblogic Server as middleware because it interacts with users as well as the back-end database, aka bridge between users and database. But what’s more important is that recently Oracle detected some critical Weblogic Server Vulnerabilities that can be exploited remotely from anywhere around the globe.
Businesses using Oracle Weblogic Servers went very tensed as multiple flaws have been found in these Weblogic Servers. Let’s discuss this topic in more detail in today’s article.
How Did Oracle Detected Weblogic Server Vulnerabilities?
So on Tuesday Oracle released its Critical Patch Update for July 2021 and across multiple Oracle products a total of 342 vulnerabilities have been found. Though these flaws are not critical however, some of the found vulnerabilities have been reported to provide control over the affected system to attackers remotely.
Severe Vulnerabilities In Weblogic Server
However, one noticeable vulnerability is CVE-2019-2729. This is a decentralised remotely exploitable vulnerability that can give access to attackers without authentication.
Among the below-listed vulnerabilities, the CVE which scores CVSS 9.8 affects Weblogic Server versions 11.1.2.4 and 11.2.5.0.
- CVE-2021-2394 (CVSS score: 9.8)
- CVE-2021-2397 (CVSS score: 9.8)
- CVE-2021-2382 (CVSS score: 9.8)
- CVE-2021-2378 (CVSS score: 7.5)
- CVE-2021-2376 (CVSS score: 7.5)
- CVE-2021-2403 (CVSS score: 5.3)
So Oracle Weblogic Server customers are advised to update their systems to the newest possible version as soon as possible.