Oracle this week released its quarterly Critical Patch Update for July 2021 that contains 342 new security patches for multiple product families. Some of the vulnerabilities addressed by the IT giant could be remotely exploited by attackers to take control of devices.
One of the most severe issues addressed by Oracle is a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. The CVE-2019-2729 flaw is a remote code execution vulnerability that could be exploited by an unauthenticated attacker.
“This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.” reads the advisory published by Oracle.
“Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.”
The vulnerability received a CVSS score of 9.8 out of 10. It resides in the Oracle Hyperion Infrastructure Technology and affects WebLogic Server versions 11.1.2.4 and 11.2.5.0.
The company also addressed other vulnerabilities in WebLogic Server, three of which are rated as critical severity:
Oracle urges customers to install security updates immediately.