SB2023071994 - Multiple vulnerabilities in Oracle WebLogic Server 




Published: July 19, 2023

Security Bulletin ID: SB2023071994
Severity: High
Patch available: YES
Number of vulnerabilities: 11
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 9% Medium 55% Low 36%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Incorrect default permissions (CVE-ID: CVE-2020-8908)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions on the temporary directory created by Guava's com.google.common.io.Files.createTempDir(). A local user with access to the system can view the contents of files and directories located there or modify them.


2) Improper input validation (CVE-ID: CVE-2023-22031)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


3) Information disclosure (CVE-ID: CVE-2021-28168)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to the use of File.createTempFile, which creates a file inside the system temporary directory with the permissions -rw-r--r--. A local attacker can gain unauthorized access to sensitive information on the system.
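
The temporary-file weaknesses in items 1 and 3 come down to which creation API is used. The following is an added example, not code from this bulletin, Oracle or the affected libraries: it creates a temporary file with the legacy java.io.File API and then with java.nio.file.Files using owner-only permissions, and flags any path readable beyond its owner. It assumes a POSIX file system; the class name and the "example-" prefixes are made up for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

public class TempFilePermissions {   // hypothetical class name

    // Owner-only modes, applied atomically when the entry is created.
    private static final FileAttribute<Set<PosixFilePermission>> FILE_0600 =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
    private static final FileAttribute<Set<PosixFilePermission>> DIR_0700 =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));

    private static final Set<PosixFilePermission> OWNER_ONLY = EnumSet.of(
            PosixFilePermission.OWNER_READ,
            PosixFilePermission.OWNER_WRITE,
            PosixFilePermission.OWNER_EXECUTE);

    // True when any group/other permission bit is set on the path.
    static boolean exposedToOtherUsers(Path p) throws IOException {
        return !OWNER_ONLY.containsAll(Files.getPosixFilePermissions(p));
    }

    static void report(String label, Path p) throws IOException {
        String mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
        System.out.printf("%-28s %s  exposed=%b%n", label, mode, exposedToOtherUsers(p));
    }

    public static void main(String[] args) throws IOException {
        // Legacy API named in the bulletin: the mode is derived from the process
        // umask, typically rw-r--r-- in the shared system temporary directory.
        Path legacy = File.createTempFile("example-legacy-", ".tmp").toPath();

        // Hardened: NIO creation with explicit owner-only permissions.
        Path safeFile = Files.createTempFile("example-safe-", ".tmp", FILE_0600);
        Path safeDir = Files.createTempDirectory("example-safe-", DIR_0700);

        report("File.createTempFile", legacy);
        report("Files.createTempFile", safeFile);
        report("Files.createTempDirectory", safeDir);

        for (Path p : new Path[] {legacy, safeFile, safeDir}) {
            Files.delete(p);   // clean up the constructed sample files
        }
    }
}
```

With a default umask of 022 the legacy file is reported as exposed, while both NIO-created paths are not.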


4) Improper input validation (CVE-ID: CVE-2023-22040)

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote privileged user can exploit this vulnerability to damage or delete data.


5) Input validation error (CVE-ID: CVE-2023-20863)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can use a specially crafted SpEL expression and perform a denial of service (DoS) attack.


6) Improper input validation (CVE-ID: CVE-2022-24409)

The vulnerability allows a remote authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Centralized Thirdparty Jars (BSAFE SSL-J) component in Oracle WebLogic Server. A remote authenticated user can exploit this vulnerability to execute arbitrary code.


7) Input validation error (CVE-ID: CVE-2023-20860)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an input validation error caused by using the wildcard ("**") as a pattern in Spring Security configuration with the mvcRequestMatcher, which creates a mismatch in pattern matching between Spring Security and Spring MVC. A remote attacker can bypass certain security restrictions.


8) Code Injection (CVE-ID: CVE-2022-42890)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists because the application allows running Java classes via JavaScript. A remote user can use JavaScript to execute a Java class on the system and obtain its execution results.

Example:

Runtime.getRuntime().exec("xxx");


9) Uncontrolled Recursion (CVE-ID: CVE-2023-1370)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion when processing nested arrays and objects. A remote attacker can pass specially crafted JSON data to the application and perform a denial of service (DoS) attack.


10) Uncontrolled Recursion (CVE-ID: CVE-2023-1436)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


11) Code Injection (CVE-ID: CVE-2023-26119)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when parsing XSLT code. A remote attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install the update from the vendor's website.