On this week’s Tuesday, Oracle delivered its quarterly Critical Patch Update for July 2021 with 342 fixes spreading over across different of their products, some of which could be misused by any of the remote assailants to assume control of for an influenced framework.
The major one among them is CVE-2019-2729, a vital deserialization vulnerability by means of XMLDecoder in Oracle WebLogic Server Web Services that is remotely or distantly exploitable without validation or authentication. It’s significant that the said security gap was initially tended to as a component of an out-of-band security update in June 2019.
The Oracle WebLogic Server is an application server that capacities as a stage for creating, conveying, and running venture Java-based applications.
The said security gap, which is appraised at 9.8 out of a limit of 10 on the CVSS scale of severity, influences the WebLogic Server forms 22.214.171.124 and 126.96.36.199 and exists inside the Oracle Hyperion Infrastructure Technology.
Likewise fixed in the WebLogic Server are six other different security gaps, three of which have been allocated a CVSS score of 9.8 out of 10. The score is:
- CVE-2021-2382 (CVSS score: 9.8)
- CVE-2021-2394 (CVSS score: 9.8)
- CVE-2021-2403 (CVSS score: 5.3)
- CVE-2021-2378 (CVSS score: 7.5)
- CVE-2021-2397 (CVSS score: 9.8)
- CVE-2021-2376 (CVSS score: 7.5)
This is quite a long way from the first run-through of vital issues that have been found in the WebLogic Server. As of recently, Oracle transported the April 2021 fix with patch fixes for two security bugs (CVE-2021-2135 and CVE-2021-2136), among others that could be violated to execute self-assertive code.
The Oracle WebLogic Server clients are encouraged to move rapidly to apply the latest updates and ensure frameworks against any likely further abuse. The said security patches are said to be the remodification for the vulnerabilities found.