
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server

Our reference: DIVD-2022-00038
Case lead: Victor Pasman
Author: Tom Wolters
Researcher(s):
CVE(s): CVE-2022-21371
Product: Oracle WebLogic Server
Versions: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
Recommendation: If you received a notification about this vulnerability, patch your system using the information provided in that notification.
Patch status: Available
Status: Open
Last modified: 03 Jul 2022 18:19

Summary

In January 2022 Oracle released a Critical Patch Update that fixes multiple security vulnerabilities in Oracle WebLogic Server. DIVD has started notifying the owners of IP addresses on which WebLogic instances vulnerable to CVE-2022-21371 were found. A patch for this issue is available; recipients of this notification are advised to update their Oracle WebLogic instances immediately.

Impact

By exploiting this vulnerability, an unauthenticated attacker with network access to the Oracle WebLogic Server can read and download any file that is readable by the WebLogic user. This means that application source code, and possibly secrets stored on the server, can be read by a malicious attacker.

What you can do

What we are doing

Timeline

Date Description
03 Jul 2022 DIVD starts investigating the scope and impact of the vulnerability.
03 Jul 2022 First version of this case file.
03 Jul 2022 First round of notifications sent to about 300 hosts

More information