Forwarded from the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC): Cybersecurity Alert TWCERTCC-200-202601-00000019
[Content Description]
【CVE-2026-21962, CVSS: 10.0】 This vulnerability exists in the Oracle HTTP Server and Oracle WebLogic Server Proxy Plug-in products of Oracle Fusion Middleware. It allows an unauthenticated attacker to access the related services via HTTP. Successful exploitation could lead to unauthorized creation, deletion, and modification of, and access to, sensitive data.
【CVE-2026-21969, CVSS: 9.8】 This vulnerability exists in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain. It allows an unauthenticated attacker to access and compromise the system via HTTP, potentially leading to complete system takeover.
[Affected Platforms]
Oracle Fusion Middleware 12.2.1.4.0
Oracle Fusion Middleware 14.1.1.0.0
Oracle Fusion Middleware 14.1.2.0.0
Oracle Supply Chain 6.2.4
[Recommended Actions]
Apply the fixes released on the official website: https://www.twcert.org.tw/tw/cp-169-10649-8c72e-1.html
[References]
1 https://www.twcert.org.tw/tw/cp-169-10649-8c72e-1.html