Thanks for visiting the site !!! Visit below intrested Ads to support us if you like the site .Sharing is caring .keep distance and keep safe . Happy Learning ... 😀

Critical Vulnerabilities in Oracle WebLogic Server

Oracle has released a security update to address two critical vulnerabilities (CVE-2021-2394 and CVE-2021-2397) present in its WebLogic Server product.

The two vulnerabilities may allow an unauthenticated attacker with network access via T3, Internet Inter-ORB Protocol (IIOP) to compromise a vulnerable server. Successful exploitation can result in a takeover of the server. Oracle has assessed that these vulnerabilities are easily exploitable.

Both vulnerabilities are present in Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.

Administrators and users of affected product versions are advised to apply the latest security updates immediately.

For more information refer below links

https://www.oracle.com/security-alerts/cpujul2021.html
https://nvd.nist.gov/vuln/detail/CVE-2021-2394
https://nvd.nist.gov/vuln/detail/CVE-2021-2397

https://support.oracle.com/epmos/faces/SearchDocDisplay?_adf.ctrl-state=16ibgm3hi5_4&_afrLoop=159043395876885#OFMW12214

These hight critical CVE’s are addressed in JUL 2021 Patch . Down load the patch from above URL and Apply .

Based on the organisation entitlement you are entitled to download the patch and apply . check it before you download and apply .

Added sample for 12.2.1.3 and 12.2.1.4 . You need to update java to 301 and opatch as well before weblogic .

Oracle WebLogic ServerDownload and apply the SPB patch:WLS STACK PATCH BUNDLE 12.2.1.4.210411 Patch 32755791or laterOr download and apply the individual patches listed within section “Oracle WebLogic Server 12.2.1.4”The patches below are additionally required for the FMW Infrastructure:CVE-2020-25649, CVE-2021-2397, CVE-2021-2376, CVE-2021-2378, CVE-2021-2382, CVE-2021-2403, CVE-2021-2394, CVE-2021-2371, CVE-2021-2344, CVE-2021-2428See Note 2764636.1 Introducing the Stack Patch Bundle (SPB) with SPBAT Utility for Oracle WebLogic Server

Oracle WebLogic Server Proxy Plug-Ins for Third-Party Webservers

If using Identity and Access Management, refer to Oracle Identity and Access Management 12.2.1.4. The IDM Stack Patch Bundle includes all FMW Infrastructure and WLS patches.
Oracle WebLogic ServerDownload and apply the SPB patch:WLS STACK PATCH BUNDLE 12.2.1.3.210411Patch 32755804 or laterOr download and apply the individual patches listed within section “Oracle WebLogic Server 12.2.1.3”The patches below are additionally required for the FMW Infrastructure:CVE-2020-25649, CVE-2021-2397, CVE-2021-2376, CVE-2021-2378, CVE-2021-2382, CVE-2021-2403, CVE-2021-2394, CVE-2021-2371, CVE-2021-2344, CVE-2021-2428See Note 2764636.1 Introducing the Stack Patch Bundle (SPB) with SPBAT Utility for Oracle WebLogic Server

If using the WLS Proxy Plugin for Apache or IIS, refer to Oracle WebLogic Server Proxy Plug-Ins for Third-Party Webservers

If using Identity and Access Management, refer to Oracle Identity and Access Management 12.2.1.3. The IDM Stack Patch Bundle includes all FMW Infrastructure and WLS patches.

Keep the system upto date and make it as compliance all the time .

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *