WebLogic Server Needs Immediate Patching
If you are using an Oracle WebLogic Server in your environment, you must patch it now.
This easily exploitable vulnerability allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. To compound this further, it is currently being exploited and has been assigned a CVSS score of 9.8 out of 10.
More Oracle Updates
Oracle has released its July 2018 updates to address a total of 334 security vulnerabilities, the largest number of flaws resolved with a Critical Patch Update (CPU) to date. Over 200 of the bugs may be remotely exploitable without authentication.
Robert Brown, Director of Services for Verismic said, “IT Managers are so focused on patching Windows, that they lose focus on the applications within their environment which can be exploited just as easy as the OS.”
Your patching strategy should accommodate all weaknesses. This includes the applications used within your environment.
All Oracle customers are advised to apply the fixes included in Oracle’s Critical Patch Updates without delay, as some of the addressed vulnerabilities are being targeted by malicious actors in live attacks.
Affected Products and Patch Information
Security vulnerabilities addressed by this Critical Patch Update affect the products listed below. The product area is shown in the Patch Availability Document column. Please click on the links in the Patch Availability Document column below to access the documentation for patch availability information and installation instructions.