Oracle April 2023 Critical Patch Update Addresses 231 CVEs (19th Apr 2023)

Preface: WebLogic was a company (from 1995 to 1998) credited with creating the first J2EE application server, the WebLogic Application Server.

Background: Oracle Fusion Middleware provides the WebLogic Management Framework, which offers heterogeneous management capabilities for Oracle Fusion Middleware products that require basic administrative capabilities.
Fusion Middleware Control is a Web-based administration console used to manage Oracle Fusion Middleware, including components such as Oracle WebLogic Server, Oracle Coherence, and Oracle HTTP Server.
Oracle HTTP Server is based on Apache HTTP Server infrastructure, and includes modules developed specifically by Oracle. The features of single sign-on, clustered deployment, and high availability enhance the operation of the Oracle HTTP Server.

Vulnerability details: The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023 Critical Patch Update. It is, therefore, affected by multiple vulnerabilities.

  • Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
  • Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (XStream)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0.
  • Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Apache Commons Compress)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0.

Official announcement: For details, please refer to the following link – https://www.oracle.com/security-alerts/cpuapr2023.html
