Charley Celice

Researcher from Quorum Cyber
#20550 of 53,635
12.4 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2021-2925
6.3
2021-04-22
Oracle · Oracle Weblogic Server · CVE-2021-2214
**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0
**Description** The issue exists due to insufficient input validation, allowing a remote attacker to disclose protected information via HTTP requests. A difficult-to-exploit vulnerability allows a high-privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized access to critical data or complete access to all data accessible to Oracle WebLogic Server.
**Recommendations** For versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, consider restricting access to the Console component via HTTP to minimize the risk of exploitation. As a temporary workaround, consider disabling HTTP requests to the Oracle WebLogic Server until a patch is available. Restrict network access to the Oracle WebLogic Server to minimize the risk of exploitation by high-privileged attackers.
PT-2020-13761
6.1
2020-06-07
Helpdesk · Hesk · CVE-2020-13897
**Name of the Vulnerable Software and Affected Versions** HESK versions prior to 3.1.10
**Description** The issue allows for reflected XSS.
**Recommendations** For versions prior to 3.1.10, update to version 3.1.10 or later to resolve the issue.