Oracle's January 2021 Critical Patch Update Fixes Five Critical WebLogic Flaws
In its first Critical Patch Update (CPU) of 2021, Oracle patched 202 CVEs in 329 security updates across 25 Oracle product families. These updates include fixes for five critical Oracle WebLogic Server vulnerabilities.
The Security Response Team’s analysis of this quarter’s release found that over 42% of all security updates were rated medium severity. Just 14% of the security updates this quarter were of critical severity, the highest severity possible.
As we note in our 2020 Threat Landscape Retrospective, Oracle WebLogic Server vulnerabilities are extremely popular with cybercriminals, and we often see them exploited in the wild, in some cases as zero-days. Just one day after Oracle published the January 2021 CPU, we have already seen a write-up for one of the WebLogic vulnerabilities, CVE-2021-2109.
For more information about this CPU release, including the availability of patches and Tenable product coverage, please visit our blog.