Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning throughout many solutions, some of which could be exploited by a remote attacker to just take handle of an influenced program.
Chief between them is CVE-2019-2729, a critical deserialization vulnerability through XMLDecoder in Oracle WebLogic Server Web Expert services which is remotely exploitable with out authentication. It truly is truly worth noting that the weakness was at first tackled as section of an out-of-band security update in June 2019.
Oracle WebLogic Server is an application server that functions as a platform for developing, deploying, and working business Java-dependent purposes.
The flaw, which is rated 9.8 out of a utmost of 10 on the CVSS severity scale, has an effect on WebLogic Server variations 18.104.22.168 and 11.2.5. and exists within the Oracle Hyperion Infrastructure Technology.
Also preset in WebLogic Server are 6 other flaws, 3 of which have been assigned a CVSS score of 9.8 out of 10 —
- CVE-2021-2394 (CVSS rating: 9.8)
- CVE-2021-2397 (CVSS score: 9.8)
- CVE-2021-2382 (CVSS rating: 9.8)
- CVE-2021-2378 (CVSS score: 7.5)
- CVE-2021-2376 (CVSS rating: 7.5)
- CVE-2021-2403 (CVSS score: 5.3)
This is considerably from the initially time critical issues have been identified in WebLogic Server. Before this calendar year, Oracle delivered the April 2021 patch with fixes for two bugs (CVE-2021-2135 and CVE-2021-2136), amid other folks that could be abused to execute arbitrary code.
Oracle customers are recommended to shift quickly to utilize the updates and defend units in opposition to likely exploitation.
Discovered this write-up intriguing? Abide by THN on Fb, Twitter and LinkedIn to browse a lot more distinctive written content we publish.
Some areas of this posting are sourced from: