Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000019

[Content Description]
【CVE-2026-21962, CVSS: 10.0】 This vulnerability exists in Oracle Fusion Middleware's Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in products. It allows unauthenticated attackers to access related services via HTTP. If successfully exploited, it could lead to the creation, deletion, modification, and access of sensitive data without authorization.

【CVE-2026-21969, CVSS: 9.8】 This vulnerability exists in Oracle Supply Chain's Oracle Agile Product Lifecycle Management for Process product. It allows unauthenticated attackers to access and compromise the system via HTTP, potentially leading to complete system takeover.

[Affected Platforms]
Oracle Fusion Middleware 12.2.1.4.0
Oracle Fusion Middleware 14.1.1.0.0
Oracle Fusion Middleware 14.1.2.0.0
Oracle Supply Chain 6.2.4

[Recommended Actions]
Patch according to the solutions released on the official website: https://www.twcert.org.tw/tw/cp-169-10649-8c72e-1.html

[References]
1 https://www.twcert.org.tw/tw/cp-169-10649-8c72e-1.html