20241016001 - Oracle WebLogic Server Vulnerability (#1046)

carel-v98 · web-flow · commit 63015270b0cc · 2024-10-16T14:02:14.000+08:00
* Format markdown docs

* 20241016001 - Oracle WebLogic Server Vulnerability

* Format markdown docs

* Updated cve link to match template

* Format markdown docs

---------

Co-authored-by: carel-v98 &lt;carel-v98@users.noreply.github.com&gt;
diff --git a/docs/advisories/20240503001-Apache-ActiveMQ-Vulnerability.md b/docs/advisories/20240503001-Apache-ActiveMQ-Vulnerability.md
@@ -7,12 +7,10 @@ In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web con
 To mitigate, users can update the default conf/jetty.xml configuration file to add authentication requirement:
 
 ```xml
-<?xml version="1.0" encoding="utf-8"?>
 <bean class="org.eclipse.jetty.security.ConstraintMapping" id="securityConstraintMapping">
- <property name="constraint" ref="securityConstraint"/>
- <property name="pathSpec" value="/"/>
+  <property name="constraint" ref="securityConstraint" />
+  <property name="pathSpec" value="/" />
 </bean>
-
 ```
 
 Or Apache encourage users to upgrade to Apache ActiveMQ 6.1.2 where the default configuration has been updated with authentication by default.
diff --git a/docs/advisories/20241016001-Oracle-WebLogic-Server-Vulnerability.md b/docs/advisories/20241016001-Oracle-WebLogic-Server-Vulnerability.md
@@ -0,0 +1,35 @@
+# Oracle WebLogic Server Vulnerability - 20241016001
+
+## Overview
+
+The WA SOC has been made aware of an easily exploitable vulnerability that allows an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
+
+## What is vulnerable?
+
+\<\<\<\<\<\<\< HEAD
+
+| Product(s) Affected    | Version(s)                         | CVE                                                               | CVSS | Severity     |
+| ---------------------- | ---------------------------------- | ----------------------------------------------------------------- | ---- | ------------ |
+| Oracle WebLogic Server | Versions 12.2.1.4.0 and 14.1.1.0.0 | [CVE-2024-21216](https://nvd.nist.gov/vuln/detail/CVE-2024-21216) | 9.8  | **Critical** |
+
+=== ====
+
+| Product(s) Affected    | Version(s)                         | CVE                                                              | CVSS | Severity     |
+| ---------------------- | ---------------------------------- | ---------------------------------------------------------------- | ---- | ------------ |
+| Oracle WebLogic Server | Versions 12.2.1.4.0 and 14.1.1.0.0 | CVE-2024-21216 <https://nvd.nist.gov/vuln/detail/CVE-2024-21216> | 9.8  | **Critical** |
+
+> > > > > > > 9bc5b469935722a2c401725b707dd37601db910f
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- <https://www.oracle.com/security-alerts/cpuoct2024.html>
+
+## Additional References
+
+- Tenable: <https://www.tenable.com/cve/CVE-2024-21216>
