InfoSecBulletin Cybersecurity for mankind
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog.
CVE-2017-3506 is an operating system (OS) command injection vulnerability which could be exploited to obtain unauthorized access as well as the full control.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
“Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document,” CISA said.
The vulnerability is present in the oracle WebLogic Server component of Oracle Fusion Middleware, impacting versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. An unauthenticated attacker with network access can exploit the flaw via HTTP to compromise Oracle WebLogic Server.
Successful exploitations of this vulnerability can result data deletion, modification and all data accessible by the Oracle WebLogic Server.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
