Oracle Warns of Critical Remotely Exploitable WebLogic Server Flaws

Oracle released its quarterly Critical Patch Update for July 2021 with 342 fixes. Among them is a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that’s remotely exploitable without authentication. The flaw is rated 9.8 out of a maximum of 10 on the CVSS severity scale. Earlier this year, Oracle shipped the April 2021 patch with fixes for two bugs (CVE-2021-2135) that could be abused to execute arbitrary code. Oracle customers are advised to move quickly to apply the updates and protect systems against potential exploitation.

