Oracle WebLogic Detection and Mitigation

Detection and Remediation

Now that we’ve covered the vulnerabilities, let’s get into how we can detect and mitigate these critical flaws using a SaaS platform. Trend Micro Cloud One™ includes seven security services that help developers build securely and quickly from the moment code is committed into their repository. It’s integrated with Trend Micro Vision One™, which uses its industry-leading XDR capabilities to collect and correlate data across multiple security layers. Both products leverage automation, customizable APIs, and turnkey third-party integrations to simplify security.

By deploying Trend Micro Cloud One security services in your cloud environment of choice, you can continually scan files, images, containers, and even open source code, for malware and misconfigurations. Trend Micro Vision One ties everything together with XDR—it correlates events across Trend Micro Cloud One services so you can see everything that’s happening from a straightforward dashboard. Third-party integrations with your preferred communication channels ensures everyone is on the same page—ideal for those adopting a DevSecOps culture.

Ok, enough marketing. Let’s get into how Trend Micro Cloud One services can help you detect Oracle WebLogic Server vulnerabilities before a full-scale RCE attack is launched.

Trend Micro Cloud One:

As we mentioned, the attacker is scanning for Oracle WebLogic Server vulnerabilities so it can launch a RCE attack and compromise the entire system. Trend Micro Cloud One services offer multi-layered protection to shore up hard-to-find T3 deserialization events. Trend Micro Cloud One™ – Network Security adds a layer of protection between the vulnerable Oracle WebLogic Server while Trend Micro Cloud One™ – Workload Security ensures your valuable containers and data centers are secured. Network Security continually scans and inspects ingress and egress traffic while leveraging protocol analysis, anomaly detection, indicators of compromise (IoC) blocking, and other methods to detect malware.

You can customize Workload Security post-scan actions to quarantine the detected threat for further investigation, after which it will be released or blocked. If the block action is unsuccessful, other Workload Security features are still activated to stop the threat. While this is happening, all necessary teams are notified of the entire investigation via preferred communication channels.

The following is a list of Network Security and Workload Security filters for detecting vulnerabilities:

Workload Security:
1010590 – Oracle WebLogic Server Remote Code Execution Vulnerabilities (CVE-2020-14882, CVE-2020-14750 and CVE-2020-14883)

1011096 – Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2021-2394)

Network Security:
Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-14750,
CVE-2020-14882, CVE-2020-14883)

Oracle WebLogic Server Memory Corruption Vulnerability

Trend Micro Vision One:

XDR capabilities correlate the Oracle WebLogic Server detections into the Trend Micro Vision One) Workbench, allowing security teams to see the entire chain of attack and drill-down into affected components.

Incident View:
Here is the incident view of CVE-2021-2394. This view gives you a snapshot of the vulnerability.

Read More HERE