DIVD-2022-00038 - Vulnerable Oracle WebLogic Server
| Field | Value |
|---|---|
| Case lead | Victor Pasman |
| Product | Oracle WebLogic Server |
| Versions | 188.8.131.52.0, 184.108.40.206.0, 220.127.116.11.0 and 18.104.22.168.0 |
| Recommendation | If you received a notification of a vulnerability, patch your system with the information provided in this notification. |
| Last modified | 03 Jul 2022 18:19 |
In January 2022 Oracle announced a critical patch update to mitigate multiple security vulnerabilities in its WebLogic Server product. DIVD started notifying owners of IP addresses where instances vulnerable to CVE-2022-21371 were found. A patch is available to mitigate this issue. Recipients of this email are advised to update their Oracle WebLogic instance immediately.
By leveraging the vulnerability, an unauthenticated attacker with network access to the Oracle WebLogic Server can view and download any file readable by the WebLogic user. This means that files such as the application's source code, or possibly secrets stored on the server, can be read by a malicious attacker.
What you can do
- Update your Oracle WebLogic instance to the latest version.
What we are doing
- DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for vulnerable hosts, verifying the vulnerability and notifying the owners of these systems. If you receive an email from us regarding this case, the vulnerability has been confirmed.
| Date | Event |
|---|---|
| 03 Jul 2022 | DIVD starts investigating the scope and impact of the vulnerability. |
| 03 Jul 2022 | First version of this case file. |
| 03 Jul 2022 | First round of notifications sent to about 300 hosts. |