Oracle has released a security alert to address a vulnerability in WebLogic Server, versions 10.3.6.0.0, 18.104.22.168.0. A remote attacker could exploit this vulnerability to take control of an affected system.

CERT Bulgaria recommends that users and administrators review the Oracle Security Alert and the Multi-State Information Sharing & Analysis Center Advisory 2019-048 for more information and apply the necessary updates.
Some of the recommendations are:
- As a temporary workaround, consider disabling the WLS9_ASYNC and WLS-WSAT components until a patch is available.
- When available, apply appropriate updates provided by Oracle to affected systems immediately after appropriate testing.
- Apply the Principle of Least Privilege to all systems and services.
- Verify that no unauthorized system modifications have occurred on the system before applying the patch.
- Monitor intrusion detection systems for any signs of anomalous activity.
- Unless required, limit external network access to affected products.
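
One way to check that the workaround and network restrictions above are holding is to review web access logs for requests that reach the two components. The following is an added example, not part of the advisory or any Oracle tooling; it assumes Common Log Format logs and that the components are served under the context roots `/_async` and `/wls-wsat` (neither is stated in the advisory), and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption (not stated in the advisory): context roots of the two components.
WATCHED_ROOTS = {"/_async": "WLS9_ASYNC", "/wls-wsat": "WLS-WSAT"}

# Common Log Format: host ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b'
)

def component_for(path):
    """Return the component name if the path is under a watched context root."""
    clean = path.split("?", 1)[0].lower()
    for root, name in WATCHED_ROOTS.items():
        # Match the root itself or anything below it, but not "/_asyncfoo".
        if clean == root or clean.startswith(root + "/"):
            return name
    return None

def scan(lines):
    """Group hits per component into 'reachable' and 'blocked' request lists."""
    findings = defaultdict(lambda: {"reachable": [], "blocked": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        name = component_for(m["path"])
        if name is None:
            continue
        status = int(m["status"])
        # Heuristic: 403/404 suggests the component is filtered or undeployed;
        # any other status means the application answered the request.
        bucket = "blocked" if status in (403, 404) else "reachable"
        findings[name][bucket].append((m["src"], m["method"], m["path"], status))
    return dict(findings)

# Constructed sample input (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:10:01:02 +0000] "POST /_async/svc HTTP/1.1" 202 0',
    '203.0.113.7 - - [01/Jan/2020:10:01:05 +0000] "GET /wls-wsat/svc HTTP/1.1" 404 512',
    '198.51.100.20 - - [01/Jan/2020:10:02:00 +0000] "GET /console/login HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Jan/2020:10:03:00 +0000] "POST /WLS-WSAT/svc?x=1 HTTP/1.1" 500 77',
    '198.51.100.9 - - [01/Jan/2020:10:03:09 +0000] "GET /_asyncfoo HTTP/1.1" 200 10',
    'not a log line',
]

if __name__ == "__main__":
    for name, hits in scan(SAMPLE_LOG).items():
        print(name, "reachable:", len(hits["reachable"]), "blocked:", len(hits["blocked"]))
```

Any entry in a `reachable` list after the component has been disabled, or from a source outside the expected internal ranges, is worth investigating before the patch is applied.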