Security News > 2021 > July > Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system.
Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication.
Oracle WebLogic Server is an application server that functions as a platform for developing, deploying, and running enterprise Java-based applications.
The flaw, which is rated 9.8 out of a maximum of 10 on the CVSS severity scale, affects WebLogic Server versions 11.1.2.4 and 11.2.5.0 and exists within the Oracle Hyperion Infrastructure Technology.
Also fixed in WebLogic Server are six other flaws, three of which have been assigned a CVSS score of 9.8 out of 10 -.
This is far from the first time critical issues have been discovered in WebLogic Server.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/Zd_2qghHdqs/oracle-warns-of-critical-remotely.html
Related news
- Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments (source)
- Critical Exim bug bypasses security filters on 1.5 million mail servers (source)
- Progress warns of critical RCE bug in Telerik Report Server (source)
- Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk (source)
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) (source)
- Progress discloses second critical flaw in Telerik Report Server in as many months (source)
- GitHub Enterprise Server vulnerable to critical auth bypass flaw (source)
- You probably want to patch this critical GitHub Enterprise Server bug now (source)
- GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges (source)
- Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-19 | CVE-2019-2729 | Improper Access Control vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 9.8 |