Vulnerability
The insecure deserialization vulnerability in certain versions of Oracle Weblogic (Server product of Oracle Fusion Middleware) exploited by a remote attacker with network access via IIOP, by sending crafted requests to the server. Successful exploitation will enable an attacker to execute arbitrary codes and eventually result in takeover of Oracle Weblogic server.
Vulnerable versions
Oracle WebLogic Server 10.3.6 Oracle WebLogic Server 12.1.3 Oracle WebLogic Server 12.2.1.3 Oracle WebLogic Server 12.2.1.4
Mitigation / Precaution
In order to patch this vulnerability, please install the official patch released by Oracle.(https://www.oracle.com/security-alerts/cpujan2020.html)
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
