Home > Cyber News > Oracle Patches 342 Flaws, Most Critical of Which Is CVE-2019-2729 in Oracle WebLogic Server
CYBER NEWS

Oracle Patches 342 Flaws, Most Critical of Which Is CVE-2019-2729 in Oracle WebLogic Server

by   |  Last Update:  |  0 Comments  

CVE-2019-2729-oracle-weblogic-server-flaw-sensorstechforumNew Oracle WebLogic Server vulnerabilities were just reported with the Critical Patch Update for July 2021. 342 issues were fixed across multiple Oracle products, some of which remotely exploitable and enabling attackers to take control of vulnerable systems.

CVE-2019-2729 in Oracle WebLogic Server Web Services

The most critical of all issues appears to be CVE-2019-2729, a critical deserialization flaw via XMLDecoder and Oracle WebLogic Server Web Services. The bug can be deployed in remote attacks without the need of any authentication. For example, it may be exploited over a network without the need for a username and password, Oracle noted in its advisory.





“Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible,” the company added. The vulnerability was first reported in 2019, when it was addressed in an out-of-band patch.

Oracle also fixed six other issues in its WebLogic Server, three of which rated 9.8 out of 10 on the CVSS scale. Here’s the list of the vulnerabilities: CVE-2021-2394, CVE-2021-2397, CVE-2021-2382, CVE-2021-2378, CVE-2021-2376, and CVE-2021-2403.

Oracle has fixed various flaws in many of its products over the years. One of them, CVE-2019-2725, also in the Oracle WebLogic Server application, was abused in 2019 by hackers to drop Monero miners. Using the flaw, remote attackers could start a PowerShell command on the server to trigger a payload download of a certificate file to the host. The certification utility would then decode the contents of the file, and eventually lead to an uncompressed file.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. CVE-2019-2568 in Oracle WebLogic Endangers 36,000 Servers Another day, another vulnerability. The cybersecurity mantra is giving us...
  2. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  3. CVE-2019-2725 Oracle WebLogic Server Flaw Leads To Monero Miner Infections The CVE-2019-2725 vulnerability which is exhibited in the Oracle WebLogic...
  4. CVE-2018-3110: Critical Vulnerability in Oracle Database Disclosed Another day, another vulnerability that needs to be patched as...
  5. Oracle Fixes CVE-2017-3622, 298 Security Flaws in April 2017’s Advisory Oracle has just issued a patch addressing a whole lot...
  6. Oracle Has Fixed 270 Security Flaws in Its Products Oracle’s first quarterly critical dose of patches has been released....
  7. Google Versus Oracle Over Android API. Google 1: Oracle 0 Have you heard of the lawsuit between Google and Oracle?...
  8. Microsoft Patches CVE-2019-1214, CVE-2019-1215 Zero-Day Flaws Two zero-day vulnerabilities were fixed in Microsoft’s September 2019 Patch...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree