Impact of the below CVEs on WebLogic that is shut down

Mikkis

Hi

This is my first time dealing with WebLogic 10.3.6 (part of an Oracle EPM/Hyperion deployment, but with a limited license), so please excuse me if I ask silly questions.

Our IT pointed out two vulnerabilities (listed as part of Russian State-Sponsored Cyber Threats) when scanning with a third-party tool, Rapid7, on a Linux server, and suggested that we patch WebLogic to the latest patch to remediate these 2 vulnerabilities.

I wouldn't mind patching, but the problem is that if we patch WebLogic 10.3.6 to the latest version, we need to install Java 7, which then requires reconfiguring our whole Hyperion software, as it is using Java 6.

We never patched WebLogic in the past, as our Hyperion env is not internet facing and WebLogic is always in shutdown mode (launching the WebLogic URL won't bring up the console unless we start it on the server). All of the Hyperion software was patched very recently.

My question is: do we really need to patch if the issue is just the above-listed vulnerabilities, as our WebLogic is always shut down and not even internet facing?