My Oracle Support Banner

API CS WLS Gateway Vulnerabilities (Doc ID 2420758.1)

Last updated on AUGUST 07, 2018

Applies to:

Oracle API Platform Cloud Service - Version N/A and later
Information in this document applies to any platform.

Goal


Penetration testing revealed some critical Vulnerabilities in the WLS Gateway instances.

Oracle WebLogic Server Deserialization RCE - CVE-2018-2628
Oracle WebLogic Server Java Object Deserialization RCE

How to resolve these critical vulnerabilities. Will there be a patch available via API CS environment for the gateways?

Note that are gateway nodes are at version 18.2.1
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.