Outbreak Alert

Oracle WebLogic Server Vulnerability

Released: May 05, 2023

Updated: May 08, 2023

Download PDF »

Oracle WebLogic Server Vulnerability

High Severity

Oracle Vendor

Attack, Vulnerability Type

Attackers target vulnerable WebLogic servers

Known exploited vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. This vulnerability allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data on the Oracle WebLogic Server and the confidentiality impact of the vulnerability is rated as "High". Learn More »

Common Vulnerabilities and Exposures

CVE-2023-21839

Background

Oracle WebLogic Server is a unified and extensible platform for developing, deploying and running enterprise applications, such as Java, for on-premises and in the cloud. In the previous years, we have seen some other vulnerabilities namely, CVE-2018-3252, CVE-2020-14645 and CVE-2020-2883 in the Oracle WebLogic Server. FortiGuard Labs provided IPS signature protections against these flaws in 2018 and 2020 respectively. According to the IPS telemetry, we can see the attacks are still active in 2023. Go to Additional Resources for full Threat Encyclopedia.

Threat Radar Overall Score:

	CVSS Rating	7.5
	FortiRecon Score	92/100
	Known Exploited	Yes
	Exploit Prediction Score	93.4%
	FortiGuard Telemetry	13294

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

January, 2023: Oracle released a critical patch update advisory. The affected versions of Oracle WebLogic server include 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0.
https://www.oracle.com/security-alerts/cpujan2023.html

May 1, 2023: CISA added CVE-2023-21839 in CISA's Known Exploited Vulnerabilities Catalog (KEV).

May 2, 2023: FortiGuards Labs released a Threat Signal on the vulnerability
https://www.fortiguard.com/threat-signal-report/5154

FortiGuard Labs has released an IPS signature to detect and block attack attempts targeting vulnerable Oracle WebLogic Server and also recommends organizations to review and patch affected versions as recommended in the vendor advisory.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

PROTECT

Lure
Decoy VM
IPS
Post-execution

DETECT

Outbreak Detection
Threat Hunting
Content Update

RESPOND

Assisted Response Services
Automated Response

RECOVER

InfoSec Services

IDENTIFY

Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

Loading ...

References

Sources of information in support and relation to this Outbreak and vendor.

The Hacker News

Learn More »

CISA KEV

Learn More »

FortiGuard IPS for CVE-2018-3252

Learn More »

FortiGuard IPS for CVE-2020-14645 & CVE-2020-2883

Learn More »

About FortiGuard Outbreak Alerts

Learn More »

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Outbreak Alert

Oracle WebLogic Server Vulnerability

Attackers target vulnerable WebLogic servers

Common Vulnerabilities and Exposures

Background

Threat Radar Overall Score: 4.4

Latest Development

FortiGuard Cybersecurity Framework

Threat Intelligence

IOC Threat Activity

References

The Hacker News

CISA KEV

FortiGuard IPS for CVE-2018-3252

FortiGuard IPS for CVE-2020-14645 & CVE-2020-2883

About FortiGuard Outbreak Alerts

Threat Intelligence
Center

Threat Radar Overall Score: