According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers.
Oracle WebLogic is a Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on the cloud, and it is popular across both cloud and conventional environments.
The reported vulnerability is a deserialization issue via XMLDecoder in Oracle WebLogic Server Web Services that could allow unauthorized remote attackers to execute arbitrary code on the targeted servers and take control over them.
"This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," the advisory said.
In a separate note, the company also revealed that the flaw is related to a previously known deserialization vulnerability (CVE-2019-2725) in Oracle WebLogic Server that it patched in April this year.
The previously patched RCE flaw in Oracle WebLogic was also exploited by attackers as a zero-day to distribute Sodinokibi ransomware and cryptocurrency mining malware.
Reported independently by a separate group of individuals and organizations, the new vulnerability affects Oracle WebLogic Server versions 10.3.6.0.0, 22.214.171.124.0, and 126.96.36.199.0.
Due to the severity of this vulnerability, the company has recommended that affected users and companies install the available security updates as soon as possible.
Other Important Security Updates from Oracle
Besides this, Cisco today also released several other software updates for various products to address some critical and high severity vulnerabilities.
- Cisco TelePresence — The software for this video conferencing system by Cisco contains a high severity vulnerability that could allow remote attackers to execute arbitrary shell commands or scripts on the targeted device just by sending crafted CDP packets to an affected device.
- Cisco SD-WAN Solution — The vManage web-based interface of the software-defined WAN solutions by Cisco contains three flaws, two of which have been rated high in severity, and one is critical. Two of these allow an attacker to elevate his privileges to the root user, whereas one flaw could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.
- Cisco Router Management Interface — Cisco's RV110W, RV130W, and RV215W Routers contain a denial-of-service vulnerability that could allow an unauthenticated attacker to cause a reload of an affected device. This product is also affected by a medium severity issue that could expose the list of devices that are connected to the guest network to remote attackers.