Home > Cyber News > Oracle Patches 342 Flaws, Most Critical of Which Is CVE-2019-2729 in Oracle WebLogic Server

Oracle Patches 342 Flaws, Most Critical of Which Is CVE-2019-2729 in Oracle WebLogic Server

CVE-2019-2729-oracle-weblogic-server-flaw-sensorstechforumNew Oracle WebLogic Server vulnerabilities were just reported with the Critical Patch Update for July 2021. 342 issues were fixed across multiple Oracle products, some of which remotely exploitable and enabling attackers to take control of vulnerable systems.

CVE-2019-2729 in Oracle WebLogic Server Web Services

The most critical of all issues appears to be CVE-2019-2729, a critical deserialization flaw via XMLDecoder and Oracle WebLogic Server Web Services. The bug can be deployed in remote attacks without the need of any authentication. For example, it may be exploited over a network without the need for a username and password, Oracle noted in its advisory.

“Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible,” the company added. The vulnerability was first reported in 2019, when it was addressed in an out-of-band patch.

Oracle also fixed six other issues in its WebLogic Server, three of which rated 9.8 out of 10 on the CVSS scale. Here’s the list of the vulnerabilities: CVE-2021-2394, CVE-2021-2397, CVE-2021-2382, CVE-2021-2378, CVE-2021-2376, and CVE-2021-2403.

Oracle has fixed various flaws in many of its products over the years. One of them, CVE-2019-2725, also in the Oracle WebLogic Server application, was abused in 2019 by hackers to drop Monero miners. Using the flaw, remote attackers could start a PowerShell command on the server to trigger a payload download of a certificate file to the host. The certification utility would then decode the contents of the file, and eventually lead to an uncompressed file.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree