SB2022072038 - Multiple vulnerabilities in Oracle WebLogic Server
Published: July 20, 2022 Updated: March 26, 2024
Description
This security bulletin contains information about 15 security vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2022-21564)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Web Services component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
2) Improper input validation (CVE-ID: CVE-2022-21560)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
3) Improper input validation (CVE-ID: CVE-2022-21557)
The vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Web Container component in Oracle WebLogic Server. A local privileged user can exploit this vulnerability to read and manipulate data.
4) Improper input validation (CVE-ID: CVE-2022-29577)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Enterprise Manager Install (AntiSamy) component in Enterprise Manager Base Platform. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
5) Improper input validation (CVE-ID: CVE-2022-21548)
The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to manipulate or delete data.
6) Information disclosure (CVE-ID: CVE-2021-40690)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. A remote attacker can abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
7) Input validation error (CVE-ID: CVE-2020-28491)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
8) Improper input validation (CVE-ID: CVE-2022-24839)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Centralized Third Party Jars (NekoHTML) component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
9) Out-of-bounds write (CVE-ID: CVE-2020-36518)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.
10) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2020-11987)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located on the local network, or to send malicious requests to other servers from the vulnerable system.
11) Improper input validation (CVE-ID: CVE-2021-2351)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Advanced Networking Option in Oracle Database Server. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
12) Origin validation error (CVE-ID: CVE-2021-26291)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists because Apache Maven, by default, follows all repositories defined in a dependency's Project Object Model (POM), including repositories reachable over plain HTTP (i.e. without TLS encryption). A remote attacker can perform a MitM attack and compromise the application.
13) Code Injection (CVE-ID: CVE-2022-22965)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted HTTP request to the affected application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: the vulnerability is being actively exploited in the wild.
This vulnerability was dubbed "Spring4Shell".
14) Code Injection (CVE-ID: CVE-2021-23450)
The disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can inject and execute arbitrary script code via the setObject function.
15) Path traversal (CVE-ID: CVE-2022-23457)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in getValidDirectoryPath. A remote attacker can send a specially crafted HTTP request and defeat control-flow checks that rely on this validation.
Remediation
Install update from vendor's website.