Dinh Ho Anh Khoa

**Name of the Vulnerable Software and Affected Versions** QuLog Center versions prior to 1.7.0.831 QuLog Center versions prior to 1.8.0.888 **Description** A link following vulnerability has been reported to affect QuLog Center, allowing remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. **Recommendations** For QuLog Center versions prior to 1.7.0.831, update to version 1.7.0.831 or later. For QuLog Center versions prior to 1.8.0.888, update to version 1.8.0.888 or later.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 12.1.3.0.0 through 14.1.1.0.0 **Description** The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via the T3 protocol to compromise the server. Successful attacks can result in the takeover of Oracle WebLogic Server. **Recommendations** For versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, consider restricting access to the T3 protocol until a patch is available. As a temporary workaround, consider disabling the Core component of Oracle WebLogic Server until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.