CVE Security alert

What Does the CVE-2019-2729 Oracle Security Alert Mean for Me?

A new CVE security alert has been issued for Oracle WebLogic versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0.

This critical vulnerability allows any attacker with network access to the WebLogic server to take control of the server and run any code on it, without having to provide a username and password.

Ndevr strongly recommend that all WebLogic systems are patched.

The fix for the vulnerability has been released as a security patch that needs to be applied over either the January 2019 or April 2019 Critical Patch Update (CPU). The steps to apply the fix are therefore to first apply the April 2019 CPU (Patch 29016089) and then apply the security patch (Patch 29921455).
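To confirm that both steps actually landed on a server, the check below classifies a patch inventory listing. It is an added example, not Oracle's or Ndevr's tooling; it assumes the text comes from `opatch lsinventory` with lines of the form `Patch <id> : applied on <date>`, and the function names and sample inventories are constructed for illustration.

```shell
#!/bin/sh
# Patch numbers exactly as given in the advisory text.
CPU_PATCH=29016089   # April 2019 CPU
FIX_PATCH=29921455   # security patch for CVE-2019-2729

# has_patch ID: true if the inventory text on stdin lists ID as applied.
# Assumed line format: "Patch  <id>   : applied on <date>"
has_patch() {
    grep -Eq "^Patch[[:space:]]+$1[[:space:]]*:[[:space:]]*applied on"
}

# patch_state INVENTORY_TEXT [CPU_ID]
# Prints: fixed | fix-without-listed-cpu | cpu-only | unpatched
patch_state() {
    inv=$1
    cpu=${2:-$CPU_PATCH}
    if printf '%s\n' "$inv" | has_patch "$FIX_PATCH"; then
        if printf '%s\n' "$inv" | has_patch "$cpu"; then
            echo fixed
        else
            # Fix is present but not on the CPU we looked for, e.g. a server
            # patched over the January 2019 CPU instead.
            echo fix-without-listed-cpu
        fi
    elif printf '%s\n' "$inv" | has_patch "$cpu"; then
        echo cpu-only        # CPU applied, security patch still missing
    else
        echo unpatched
    fi
}

# Constructed sample inventories (dates are made up, 00000000 is a placeholder id).
INV_FIXED='Patch  29921455     : applied on Mon Jun 24 10:02:11 AEST 2019
Patch  29016089     : applied on Mon Jun 24 09:40:37 AEST 2019'
INV_CPU_ONLY='Patch  29016089     : applied on Tue May 07 14:12:05 AEST 2019'
INV_OTHER_BASE='Patch  29921455     : applied on Mon Jun 24 10:02:11 AEST 2019
Patch  00000000     : applied on Mon Feb 04 08:30:00 AEDT 2019'
INV_NONE='There are no Interim patches installed in this Oracle Home.'

for sample in "$INV_FIXED" "$INV_CPU_ONLY" "$INV_OTHER_BASE" "$INV_NONE"; do
    patch_state "$sample"
done
```

On a live server the inventory text would come from `"$ORACLE_HOME/OPatch/opatch" lsinventory`; a `cpu-only` result means the server has the CPU but is still missing the fix for this alert.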

CVE security alert for older WebLogic versions

These are no longer patched by Oracle and may be vulnerable.

Ndevr recommend that any servers running older versions of WebLogic are upgraded to the latest version supported by your JD Edwards Tools release, and then patched as above to mitigate any risk.

Please contact support@ndevr.com.au for any further information or assistance to ensure that you remain protected from the vulnerability.

