Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

2024-06-04 03:25

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could be exploited to obtain unauthorized

News URL

https://thehackernews.com/2024/06/oracle-weblogic-server-os-command.html

#attack #commandinjection #oracle #server #weblogic #CVE-2017-3506

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2017-04-24	CVE-2017-3506	Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). network high complexity oracle	7.4

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Oracle		966	1139	6146	1113	739	9137

News URL

Related news

Related Vulnerability

Related vendor