The US CISA added an old Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog after it was seen being exploited by Chinese hackers to deploy cryptocurrency miners.
The vulnerability, tracked as CVE-2017-3506, affects Oracle WebLogic Server and allows an unauthenticated attacker to access or modify critical data, enabling arbitrary OS command execution. Attackers can achieve remote code execution via specially crafted HTTP requests.
The issue was addressed by Oracle in 2017, and the initial exploitation happened during 2018. Last week, Trend Micro published a report on the activity of a threat actor named 8220 Gang’s, tracked as Water Sigbin seen exploiting CVE-2017-3506, as well as a more recent Oracle WebLogic Server flaw tracked as CVE-2023-21839.
This exploitation in the wild attributed to the addition of the bug to its KEV catalog and instructed government organizations to address the flaw by June 24.
