Tenable wrote a good article. Sadly, they also missed that a WebLogic server has no business reaching out to just any server on the internet; hence a good mitigation strategy is also to block outgoing traffic from any WebLogic server to the internet. That could be a faster mitigation than negotiating an out-of-cycle patch window with business owners. Of course, the patch should still be applied later.
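Before turning on a default-deny egress rule, it helps to see which existing outbound flows from the WebLogic tier the rule would drop. The following is an added example, not part of the original post; the host addresses, the allowlist entry and the flow records are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumed WebLogic server addresses (constructed for this example).
WEBLOGIC_HOSTS = {ip_address("10.20.0.11"), ip_address("10.20.0.12")}

# Destinations treated as internal; everything else counts as internet egress.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical approved external endpoints: (network, port).
EGRESS_ALLOWLIST = [(ip_network("198.51.100.10/32"), 443)]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.11", "10.20.5.40", 1521),    # internal database tier
    ("10.20.0.11", "203.0.113.77", 8080),  # unapproved internet host
    ("10.20.0.12", "198.51.100.10", 443),  # approved external endpoint
    ("10.20.0.12", "192.0.2.200", 443),    # unapproved internet host
    ("10.30.0.5", "203.0.113.77", 443),    # not a WebLogic server
]


def is_internal(dst):
    return any(dst in net for net in INTERNAL_NETS)


def is_allowlisted(dst, port):
    return any(dst in net and port == p for net, p in EGRESS_ALLOWLIST)


def audit_egress(flows):
    """Return the WebLogic flows a default-deny egress rule would drop."""
    dropped = []
    for src, dst, port in flows:
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        if src_ip not in WEBLOGIC_HOSTS:
            continue  # only the WebLogic tier is in scope
        if is_internal(dst_ip) or is_allowlisted(dst_ip, port):
            continue  # traffic the rule would still permit
        dropped.append((src, dst, port))
    return dropped


if __name__ == "__main__":
    for src, dst, port in audit_egress(SAMPLE_FLOWS):
        print(f"would be blocked: {src} -> {dst}:{port}")
```

Each flow it reports is either a legitimate dependency that needs an allowlist entry or traffic worth investigating.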
We have all tested this postulate: 'One needs to first walk before running'. This applies in life as well as in cyber-security. I have seen many companies buying shiny & blinking boxes without first addressing fundamental controls, then failing to receive the promised value from these investments.