Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in Oracle WebLogic Server
Alerts

Critical Vulnerabilities in Oracle WebLogic Server

22 July 2021

Oracle has released a security update to address two critical vulnerabilities (CVE-2021-2394 and CVE-2021-2397) present in its WebLogic Server product.

The two vulnerabilities may allow an unauthenticated attacker with network access via T3, Internet Inter-ORB Protocol (IIOP) to compromise a vulnerable server. Successful exploitation can result in a takeover of the server. Oracle has assessed that these vulnerabilities are easily exploitable.

Both vulnerabilities are present in Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.

Administrators and users of affected product versions are advised to apply the latest security updates immediately.

More information is available here:

https://www.oracle.com/security-alerts/cpujul2021.html

https://nvd.nist.gov/vuln/detail/CVE-2021-2394

https://nvd.nist.gov/vuln/detail/CVE-2021-2397


Back to top