You are safe behind a firewall until someone finds another way to get in.
If they manage to get in, you are happy to have applied the security patch.
I was not too concerned about this particular vulnerability (CVE-2020-2883), but now I am sitting here with my jaw dropped open! This particular blog post about it says "even with a firewall level block on such traffic, a T3 request can still sneak through under the wrapper of an HTTPS request to find its way into an organisation’s internal infrastructure."
So the question then becomes, do I really want to rely on our infrastructure group's firewall? It sounds like it may even be able to sneak through in this case! The blog above also mentions using well-known (Trusted) CAs for cert authorities, and I am not sure if our organization does.
Even so, regardless, as the DBA, you raise a good point - IF they get through the firewall, THEN I am happy.
At least I did my part to prevent it. I certainly do not want to be the person in an org that is faulted for being the culprit IF the external firewall does not hold up.
Getting through the firewall is not easy, but users on their computers are easy targets to get through.
You are not even safe behind a firewall.
Last year there was a bug in WebLogic, where the attack used a seeded web service in WebLogic, and used it to install the virus.
Calling the web service was done behind the firewall, and it went through the firewall because it uses the port used for all deployed apps.
You should always update WebLogic critical patches.