Security News > 2024 > June > Oracle WebLogic Server OS Command Injection Flaw Under Active Attack
2024-06-04 03:25
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could be exploited to obtain unauthorized
News URL
https://thehackernews.com/2024/06/oracle-weblogic-server-os-command.html
Related news
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Oracle warns of Agile PLM file disclosure flaw exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-24 | CVE-2017-3506 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 7.4 |