What is Oracle WebLogic?
Oracle WebLogic is an enterprise
application server developed by Oracle. According to 6sense.com, the
application server is used by thousands of companies namely AT&T, NTT
Data, Verizon, etc.
What is the attack?
The attack targets
vulnerable Oracle WebLogic Server specifically in Oracle Fusion Middleware. The vulnerability is tracked under CVE-2023-21839 and exploits the flaw that allows unauthorized access to the
vulnerable servers via T3 and IIOP (Oracle proprietary protocol). The affected
versions are: 188.8.131.52.0, 184.108.40.206.0 and 220.127.116.11.0.
The vulnerability has a CVSS base score of 7.5 and attack
complexity is rated “low” in the vendor advisory.
Why this is significant?
On May 1st, 2023, CISA
(Cybersecurity & Infrastructure Security Agency) added the Oracle
WebLogic Server vulnerability (CVE-2023-21839) to their Known Exploited
Vulnerabilities Catalog. Successful exploitation of the vulnerability allows
unauthenticated attacker to compromise vulnerable Oracle WebLogic Server.
What is the vendor solution?
Oracle released a critical patch
What is the FortiGuard Coverage?
Fortinet customers are protected via FortiGuard IPS – refer to the Outbreak Alert for Oracle WebLogic Server Vulnerability for the full FortiGuard coverage details.