Hello all -
The Qualys WAS scanning engine has been updated with a new vulnerability detection for a serious flaw in Oracle's WebLogic Server. Specifically, we are talking about CVE-2017-10271. If successfully exploited, this vulnerability allows a remote attacker to run arbitrary code on the targeted system. Not good!
Vulnerable versions of WebLogic Server are:
QID 150196 will be reported if this vulnerability is detected during a scan. Because this is a remote code execution (RCE) vulnerability, it is rated severity "5", the most severe rating in WAS. To remediate this issue, apply Oracle's critical patch update.