API CS WLS Gateway Vulnerabilities
(Doc ID 2420758.1)
Last updated on AUGUST 07, 2018
Applies to:Oracle API Platform Cloud Service - Version N/A and later
Information in this document applies to any platform.
Penetration testing revealed some critical Vulnerabilities in the WLS Gateway instances.
Oracle WebLogic Server Deserialization RCE - CVE-2018-2628
Oracle WebLogic Server Java Object Deserialization RCE
How to resolve these critical vulnerabilities. Will there be a patch available via API CS environment for the gateways?
Note that are gateway nodes are at version 18.2.1
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!