CVE-2024-21216 (CVSS 9.8): Oracle WebLogic Flaw That Could Give Attackers Full Control

Summary: Oracle’s October 2024 Critical Patch Update addresses 329 vulnerabilities, including five severe flaws in the WebLogic Server that could lead to system takeovers and data breaches. The most critical vulnerability, CVE-2024-21216, allows unauthenticated remote exploitation via default-enabled protocols, posing significant risks to users.

Threat Actor: Cybercriminals
Victim: Oracle WebLogic Server users

Key Points:

  • Oracle’s CPU addresses 329 vulnerabilities, with five critical ones in WebLogic Server.
  • CVE-2024-21216 allows complete system takeover via T3 and IIOP protocols, which are enabled by default.
  • Other vulnerabilities could lead to DoS attacks or unauthorized data access, all rated with high CVSS scores.
  • Oracle urges immediate patch application to mitigate risks of remote exploitation.

Oracle has recently rolled out its October 2024 Critical Patch Update (CPU), addressing 329 vulnerabilities across a variety of products. Among these are five severe vulnerabilities within the Oracle WebLogic Server Core component, a widely used Java-based application server platform. These vulnerabilities, if left unpatched, could expose users to significant risks, including complete system takeovers, data breaches, and Denial-of-Service (DoS) attacks.

The vulnerabilities affect versions 12.2.1.4.0 and 14.1.1.0.0 of Oracle WebLogic Server, and have been rated with high CVSS scores, indicating their critical nature. The most dangerous of these, CVE-2024-21216 (CVSS 9.8), is particularly concerning as it allows an unauthenticated attacker to exploit the system remotely via the T3 or IIOP protocols. Successful exploitation of this flaw can result in a complete system takeover, giving the attacker full control over the server.

CVE-2024-21216 is a severe vulnerability that allows an attacker with nothing more than network access to exploit the WebLogic Server via the T3 and IIOP protocols, both of which are enabled by default in a standard WebLogic installation. Successful exploitation gives full control of the compromised server without any user interaction.

Four other vulnerabilities, CVE-2024-21274, CVE-2024-21215, CVE-2024-21234, and CVE-2024-21260, all with a CVSS score of 7.5, also affect the same WebLogic Server versions. These flaws can lead to denial of service (DoS) conditions or unauthorized access to critical data.

The T3 and IIOP protocols, used for communication between WebLogic and other Java programs, are often enabled by default in WebLogic installations. This makes these vulnerabilities particularly concerning, as attackers could exploit them to gain unauthorized access to sensitive data or disrupt critical services.

Oracle has acted swiftly to address these vulnerabilities by releasing patches. The company urges all users to immediately apply the updates, especially for WebLogic instances that expose the T3 and IIOP protocols to the internet. Without these critical patches, organizations face heightened risks of remote exploitation and significant operational disruptions.
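To confirm which of your own WebLogic listeners still answer T3 from the network, and whether they report one of the two releases named above, here is an added example (not from the article or from Oracle) that sends the plain-text T3 greeting and parses the HELO reply. The greeting and reply format are assumed from common service fingerprinters, and `probe_t3`, `parse_t3_banner` and `is_affected` are names chosen here.

```python
"""Added example (not from the article): inventory check for exposed WebLogic
T3 listeners against the releases the October 2024 CPU names. The plain-text
T3 greeting and the "HELO:<version>" reply format are assumptions here."""
import re
import socket
from typing import Optional

# Releases the advisory lists as affected by CVE-2024-21216 and the four CVSS 7.5 flaws.
AFFECTED_VERSIONS = {"12.2.1.4.0", "14.1.1.0.0"}

# Minimal T3 client greeting; a T3 listener answers with a "HELO:<version>..." line.
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\n\n"
HELO_RE = re.compile(rb"^HELO:(\d+(?:\.\d+)*)")


def parse_t3_banner(data: bytes) -> Optional[str]:
    """Return the version from a T3 HELO reply, or None when the reply is
    not a T3 greeting (port filtered, HTTP-only listener, or T3 disabled)."""
    m = HELO_RE.match(data)
    return m.group(1).decode("ascii") if m else None


def is_affected(version: Optional[str]) -> bool:
    """True when the reported release is one the advisory lists as affected.
    Caveat: the banner shows the release, not the CPU patch level, so an
    affected release still has to be checked for the October 2024 patch."""
    return version in AFFECTED_VERSIONS


def probe_t3(host: str, port: int = 7001, timeout: float = 3.0) -> Optional[str]:
    """Send the T3 greeting to one of your own listeners and return the
    reported version, or None if nothing T3-like answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(T3_HELLO)
            return parse_t3_banner(s.recv(256))
    except OSError:
        return None


if __name__ == "__main__":
    import sys
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 7001
    version = probe_t3(host, port)
    if version is None:
        print(f"{host}:{port}: no T3 greeting (unreachable or T3 disabled)")
    else:
        status = "affected release, verify CPU patch level" if is_affected(version) else "not in advisory list"
        print(f"{host}:{port}: WebLogic {version} answers T3 -> {status}")
```

A banner that reports an affected release does not show whether the October 2024 CPU patch has been applied, so treat a hit as a prompt to check the patch level and to restrict T3/IIOP exposure, not as proof of a vulnerable host.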

Source: https://securityonline.info/cve-2024-21216-cvss-9-8-oracle-weblogic-flaw-that-could-give-attackers-full-control