Oracle released its Critical Patch Update for July 2021, it fixes hundreds of flaws, including Critical Remotely Exploitable vulnerabilities in Weblogic Server.

Oracle this week released its quarterly Critical Patch Update for July 2021 that contains 342 new security patches for multiple product families. Some of the vulnerabilities addressed by the IT giant could be remotely exploited by attackers to take control of devices.

360 Mobile Vision - North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

One of the most severe issues addressed by Oracle is a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. The CVE-2019-2729 flaw is a remote code execution vulnerability that could be exploited by an unauthenticated attacker.

“This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.” reads the advisory published by Oracle.

“Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.”

The vulnerability received a CVSS score of 9.8 out of 10, it resides in the Oracle Hyperion Infrastructure Technology and affects WebLogic Server versions and

The company also addressed other vulnerabilities in WebLogic Server, three of which rated as critical severity:

Oracle urges customers to install security updates immediately.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Weblogic)

The post Oracle fixes critical RCE vulnerabilities in Weblogic Server appeared first on Security Affairs.

By admin