The U.S. Cybersecurity and Infrastructure Security Agency (CISA) an Oracle WebLogic Server vulnerability to its .
The issue, tracked as (CVSS score 7.4), is an OS command injection.
The vulnerability resides in the Oracle WebLogic Server component of Oracle Fusion Middleware. The flaw impacts versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. An unauthenticated attacker with network access can exploit the flaw via HTTP to compromise Oracle WebLogic Server.
Successful exploitation of this vulnerability can lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all data accessible by the Oracle WebLogic Server.
According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix these vulnerabilities by June 24, 2024.
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, Known Exploited Vulnerabilities catalog)