Oracle WebLogic Server Vulnerability
Attackers target vulnerable WebLogic servers
Known exploited vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. This vulnerability allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data on the Oracle WebLogic Server and the confidentiality impact of the vulnerability is rated as "High".
Oracle WebLogic Server is a unified and extensible platform for developing, deploying and running enterprise applications, such as Java, for on-premises and in the cloud. In the previous years, we have seen some other vulnerabilities namely, CVE-2018-3252, CVE-2020-14645 and CVE-2020-2883 in the Oracle WebLogic Server. FortiGuard Labs provided IPS signature protections against these flaws in 2018 and 2020 respectively. According to the IPS telemetry, we can see the attacks are still active in 2023. Go to Additional Resources for full Threat Encyclopedia.
January, 2023: Oracle released a critical patch update advisory. The affected versions of Oracle WebLogic server include,,
Latest Developments
May 1, 2023: CISA added CVE-2023-21839 in CISA's Known Exploited Vulnerabilities Catalog (KEV). May 2, 2023: FortiGuards Labs released a Threat Signal on the vulnerability FortiGuard Labs has released an IPS signature to detect and block attack attempts targeting vulnerable Oracle WebLogic Server and also recommends organizations to review and patch affected versions as recommended in the vendor advisory.

Countermeasures across the security fabric for protecting assets, data and network from cybersecurity events:



Detects attack attempts related to Oracle WebLogic Server Vulnerability and prevents lateral movement on the network segment

Decoy VM

Detects attack attempts related to Oracle WebLogic Server Vulnerability and prevents lateral movement on the network segment




Detects and blocks attack attempts related to Oracle WebLogic Server Vulnerability (CVE-2023-21839)

DB 23.547
DB 23.547
DB 23.547
DB 23.547
DB 23.547



Detects and blocks post exploitation activity related to known and unkown malware


Find and correlate important information to identify an outbreak, the following updates are available to raise alert and generate reports:

Outbreak Detection

DB 2.00002
Threat Hunting
Content Update

DB 315

Develop containment techniques to mitigate impacts of security events:

Automated Response

Services that can automaticlly respond to this outbreak.

Assisted Response Services

Experts to assist you with analysis, containment and response activities.


Improve security posture and processes by implementing security awareness and training, in preparation for (and recovery from) security incidents:

InfoSec Services

Security readiness and awareness training for SOC teams, InfoSec and general employees.


Identify processes and assets that need protection:

Attack Surface Monitoring (Inside & Outside)

Security reconnaissance and penetration testing services, covering both internal & external attack vectors, including those introduced internally via software supply chain.