Oracle WebLogic server is vulnerable to an information disclosure flaw that can lead to remote code execution. Assigned with CVE-2023-21839, an attacker can exploit this vulnerability to gain unauthorized access to critical data. The vulnerability started getting noticed shortly after proof of concept (PoC) was published. Oracle WebLogic Server is a product of Oracle Fusion … Continue reading “Oracle WebLogic Server Information Disclosure Vulnerability (CVE-2023-21839)”
Tag: Oracle WebLogic Server
Oracle Releases 370 Security Patches for Various Oracle Products in October 2022 Patch Tuesday
Oracle October 2022 Patch Tuesday edition is out. The security update contains a total of 370 critical security patches affecting various Oracle product families. In this month’s update, 290 out of 370 security updates addressed are non-Oracle CVEs, or security flaws in third-party products (such as open-source components), which are exploitable in the context … Continue reading “Oracle Releases 370 Security Patches for Various Oracle Products in October 2022 Patch Tuesday”
Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability (CVE-2020-14750)
Overview Recently, Oracle released its critical October update to patch CVE-2020-14882. Oracle WebLogic Server has now observed that attackers can now bypass this patch exposing an unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2020-14750). As per CVE-2020-14750, unauthorized attackers can continue to bypass the WebLogic background login restrictions and control the server even after WebLogic is … Continue reading “Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability (CVE-2020-14750)”
Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-2883)
Summary: Oracle’s April 2020 patch addresses, a critical flaw in Oracle WebLogic Server as CVE-2020-2883 that can be exploited by an unauthenticated user for remote code execution. It has got major attention as CVssV3 score is 9.8/10. Description: WebLogic is a Java-based middleware solution, with thousands of servers running online. It sits between a front-facing … Continue reading “Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-2883)”