Oracle WebLogic Server Vulnerability

Released: May 05, 2023

Updated: May 08, 2023


Severity: High

Vendor: Oracle

Type: Attack, Vulnerability


Attackers target vulnerable WebLogic servers

A known exploited vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. It allows an unauthenticated attacker with network access via T3 or IIOP to compromise Oracle WebLogic Server. Successful attacks can result in unauthorized access to critical data on the Oracle WebLogic Server, and the confidentiality impact of the vulnerability is rated "High".

Common Vulnerabilities and Exposures

CVE-2023-21839

Background

Oracle WebLogic Server is a unified and extensible platform for developing, deploying and running enterprise applications, such as Java applications, on-premises and in the cloud. In previous years, we have seen other vulnerabilities in Oracle WebLogic Server, namely CVE-2018-3252, CVE-2020-14645 and CVE-2020-2883. FortiGuard Labs provided IPS signature protections against these flaws in 2018 and 2020 respectively. IPS telemetry shows that these attacks are still active in 2023. See Additional Resources for the full Threat Encyclopedia.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


January 2023: Oracle released a critical patch update advisory. The affected versions of Oracle WebLogic Server include 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
https://www.oracle.com/security-alerts/cpujan2023.html


May 1, 2023: CISA added CVE-2023-21839 to its Known Exploited Vulnerabilities (KEV) Catalog.

May 2, 2023: FortiGuard Labs released a Threat Signal on the vulnerability.
https://www.fortiguard.com/threat-signal-report/5154

FortiGuard Labs has released an IPS signature to detect and block attack attempts targeting vulnerable Oracle WebLogic Server instances, and recommends that organizations review and patch affected versions as described in the vendor advisory.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure

  • Decoy VM

  • IPS

  • Post-execution

DETECT
  • Outbreak Detection

  • Threat Hunting

  • Content Update

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

