ADVISORY!
TLP : CLEAR
Date : 17/04/2024
REF NO : CERT / 2024/04/31
Oracle Products Multiple Vulnerabilities
Severity Level: High
Components Affected
- Oracle MySQL
- Java SE
- Oracle Database Server
- WebLogic Server
Overview
Multiple vulnerabilities were identified in Oracle Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure, data manipulation, cross-site scripting and security restriction bypass on the targeted system.
Description
CVE-2023-41993 have been actively exploited, allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition.
Impact
- Remote Code Execution
- Denial of Service
- Security Restriction Bypass
- Information Disclosure
- Data Manipulation
- Elevation of Privilege
- Cross-Site Scripting
Solution/ Workarounds
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre
- Hotline : 101
- +94 11 269 1692
- Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
- General inquiry: cert@cert.gov.lk
- Security incidents: incidents@cert.gov.lk
- Social media incidents: report@cert.gov.lk
