Oracle this week released its quarterly Critical Patch Update for July 2021 that contains 342 new security patches for multiple product families. Some of the vulnerabilities addressed by the IT giant could be remotely exploited by attackers to take control of devices.
One of the most severe issues addressed by Oracle is a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. The CVE-2019-2729 flaw is a remote code execution vulnerability that could be exploited by an unauthenticated attacker.
“This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password,” reads the advisory published by Oracle.
“Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.”
The vulnerability received a CVSS score of 9.8 out of 10. It resides in the Oracle Hyperion Infrastructure Technology and affects WebLogic Server versions 126.96.36.199 and 188.8.131.52.
The company also addressed other vulnerabilities in WebLogic Server, three of which are rated as critical severity:
Oracle urges customers to install security updates immediately.
(SecurityAffairs – hacking, Weblogic)