Oracle WebLogic - Remote Code Execution (CVE-2023-21839)

Severity
CVSSv3 Score: 7.5
CVE: CVE-2023-21839

Vulnerability description

Oracle Weblogic is affected by a Remote Code Execution vulnerability inside the Core component.The root cause of this vulnerability is an insecure deserialization via T3, IIOP protocol that could allow an unauthenticated attacker to take control of the server. The attacker can send a crafted JNDI/RMI malicious object in order to achieve access to the server.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Upgrade the Oracle WebLogic to the latest version.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-21839

https://www.oracle.com/security-alerts/cpujan2023.html

Codename

Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Jan 2023
Published at: Apr 2023
Updated at: Apr 2023
Software Type: Web server
Vendor: Oracle
Product: WebLogic