Oracle issued an out-of-band security update over the weekend to address a critical remote code execution (RCE) vulnerability impacting multiple Oracle WebLogic Server versions. Unauthenticated attackers can remotely exploit this no-auth RCE flaw in the server’s console component via HTTP, without user interaction. The vulnerability received a 9.8 severity base score from Oracle, out of a maximum rating of 10.0 out of 10. The Cybersecurity and Infrastructure Security Agency (CISA) also urged users and administrators to apply the security update.
Source: https://www.bleepingcomputer.com/news/security/oracle-issues-emergency-patch-for-critical-weblogic-server-flaw/