Oracle has released a security update to address two critical vulnerabilities (CVE-2021-2394 and CVE-2021-2397) present in its WebLogic Server product.
The two vulnerabilities may allow an unauthenticated attacker with network access via T3 or Internet Inter-ORB Protocol (IIOP) to compromise a vulnerable server. Successful exploitation can result in a takeover of the server. Oracle has assessed that these vulnerabilities are easily exploitable.
Both vulnerabilities are present in Oracle WebLogic Server versions 10.3.6.0.0, 22.214.171.124.0, 126.96.36.199.0, 188.8.131.52.0 and 184.108.40.206.0.
Administrators and users of affected product versions are advised to apply the latest security updates immediately.
More information is available here: