DIVD-2022-00038 - Vulnerable Oracle WebLogic Server
Field | Value |
---|---|
Our reference | DIVD-2022-00038 |
Case lead | Victor Pasman |
Author | Tom Wolters |
Researcher(s) | |
CVE(s) | |
Product | Oracle WebLogic Server |
Versions | 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 |
Recommendation | If you received a notification of a vulnerability, patch your system with the information provided in this notification. |
Patch status | Available |
Status | Closed |
Last modified | 08 Mar 2023 20:26 CET |
Summary
In January 2022 Oracle announced a critical patch update to mitigate multiple security vulnerabilities in their WebLogic Servers. DIVD started notifying owners of IP addresses where instances vulnerable to CVE-2022-21371 were found. A patch is available to mitigate this issue. Recipients of this email are advised to update their Oracle WebLogic instance immediately.
Impact
By leveraging the vulnerability, an unauthenticated attacker with network access to the Oracle WebLogic Server can view and download any file readable by the WebLogic user. This means that files such as the application source code, or possibly secrets stored on the server, can be read by a malicious attacker.
What you can do
- Update your Oracle WebLogic instance to the latest version.
What we are doing
- DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for vulnerable hosts, verifying the vulnerability and notifying the owners of these systems. If you receive an email from us regarding this case, the vulnerability has been confirmed.
Timeline
Date | Description |
---|---|
03 Jul 2022 | DIVD starts investigating the scope and impact of the vulnerability. |
03 Jul 2022 | First version of this case file. |
03 Jul 2022 | First round of notifications sent to about 300 hosts. |
31 Aug 2022 | Second round of notifications sent to about 165 hosts. |
05 Oct 2022 | Third round of notifications sent to about 230 hosts. |
```mermaid
gantt
title DIVD-2022-00038 - Vulnerable Oracle WebLogic Server
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server (247 days) :2022-07-03, 2023-03-07
section Events
DIVD starts investigating the scope and impact of the vulnerability. : milestone, 2022-07-03, 0d
First version of this case file. : milestone, 2022-07-03, 0d
First round of notifications sent to about 300 hosts : milestone, 2022-07-03, 0d
Second round of notifications sent to about 165 hosts : milestone, 2022-08-31, 0d
Third round of notifications sent to about 230 hosts : milestone, 2022-10-05, 0d
```