Oracle WebLogic Server Vulnerabilities (CVE-2023-21839, CVE-2017-3506)

What is the attack?A threat actor known as “8220 Gang” is seen exploiting two vulnerabilities in the Oracle WebLogic server: CVE-2017-3506, which allows remote OS command execution, and CVE-2023-21839 is an insecure deserialization vulnerability. CISA recently added the Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog on 3 June 2023.What is the recommended Mitigation?Apply the most recent patch released by Oracle. In the advisory, Oracle mentioned that they continue to receive reports of exploitation attempts.What FortiGuard …

8220 gang actor attack catalog cisa command cve cve-2023-21839 deserialization exploited exploited vulnerabilities exploiting flaw gang insecure insecure deserialization june june 2023 known exploited known exploited vulnerabilities known exploited vulnerabilities catalog oracle oracle weblogic oracle weblogic server os command server threat threat actor vulnerabilities vulnerability weblogic what is