I. Overview

Oracle officially released a patch update notice for January, 2021 and disclosed multiple high-risk WebLogic Server vulnerabilities, including a remote code execution vulnerability (CVE-2021-2109) that can be easily exploited by attackers to construct malicious requests and remotely execute code.

If you are a WebLogic user, check your WebLogic version and implement timely security hardening.

For more information about this vulnerability, visit Oracle Critical Patch Update Advisory - January 2021.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

WebLogic 10.3.6.0.0

WebLogic 12.1.3.0.0

WebLogic 12.2.1.3.0

WebLogic 12.2.1.4.0

WebLogic 14.1.1.0.0

IV. Vulnerability Handling

This vulnerability has been fixed in an officially released patch. If your service version falls into the affected range, install the patch.

Temporary workarounds:

1. Disable the T3 protocol.

2. Disable Internet Inter-Orb Protocol (IIOP).

3. Block Internet access to /console/console.portal.

HUAWEI CLOUD Web Application Firewall (WAF) can defend against attacks exploiting this vulnerability. If you are a WAF user, set the Mode to Block in the Basic Web Protection configuration area. For details, see Configuring Basic Web Protection Rules.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.