#Oracle Weblogic
Explore tagged Tumblr posts
Visit Tumblr Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Last Seen Tumblr Blogs
Fun Fact
Tumblr was created by web developers David Karp and Marco Arment.
Photo
Source details and larger version.
You predicted correctly that I have a collection of vintage oracles and fortune tellers.
258 notes
·
View notes
Photo
Source details and larger version.
You predicted correctly that I have a collection of vintage oracles and fortune tellers.
13 notes
·
View notes
Text
Oracle WebLogic Server OS Command Injection Flaw Under Active Attack
Source: https://thehackernews.com/2024/06/oracle-weblogic-server-os-command.html
More info: https://www.trendmicro.com/en_us/research/24/e/decoding-8220-latest-obfuscation-tricks.html
6 notes
·
View notes
Quote
独立行政法人情報処理推進機構(IPA)は1月17日、Oracle Java の脆弱性対策について発表した。影響を受けるシステムは以下の通り。Oracle Java SE 21.0.1Oracle Java SE 17.0.9Oracle Java SE 11.0.21Oracle Java SE 8 Update 391-perfOracle Java SE 8 Update 391 Oracle 社では Java SE に関する脆弱性について公表している。 Oracle 社では、攻撃された場合の影響が大きい脆弱性であることをアナウンスしているため、IPAでは早急に修正プログラムを適用するよう呼びかけている。 なお、一般社団法人JPCERT コーディネーションセンター(JPCERT/CC)でも1月17日、現地時間1月16日に公開された複数のOracle製品に対するクリティカルパッチアップデートに関する注意喚起を行っている。 JPCERT/CCでは、対象となる製品およびバージョンは多岐にわたるため、対象となる製品を利用している場合にはOracleの情報を参照し、アップデートの適用などを検討するよう呼びかけている。 また、PCにJava JREがプリインストールされている場合や、サーバで使用するソフトウェア製品にWebLogic Serverを使用している場合もあるため、利用中のPCやサーバに対象となる製品が含まれていないか確認するよう注意喚起を行っている。
Oracle Java SE に脆弱性、利用中の PC やサーバに対象製品が含まれている場合も | ScanNetSecurity
2 notes
·
View notes
Text
DevOps Engineer - PeopleSoft Administration, Oracle Cloud Infra
Job title: DevOps Engineer – PeopleSoft Administration, Oracle Cloud Infra Company: UnitedHealth Group Job description: , PUM upgrade experience Experience on working with Tuxedo, WebLogic, App Designer, Data Mover, and Oracle Database… Expected salary: Location: Hyderabad, Telangana Job date: Thu, 01 May 2025 22:02:34 GMT Apply for the job now!
0 notes
Text
Understand the Oracle Java License Change and Maximize Savings with Oracle BYOL
In recent years, Oracle has made significant changes to how it licenses Java, a move that has caught many organizations off guard. The Oracle Java license change represents a strategic shift that affects how businesses access and use Java in their IT environments. At the same time, Oracle offers the Bring Your Own License (BYOL) model to help companies manage licensing costs while maintaining compliance. Understanding both the licensing changes and the BYOL model is crucial for IT leaders, developers, and procurement teams aiming to avoid unexpected costs and maintain operational efficiency.
Oracle Java License Change: What You Need to Know
Historically, Oracle provided Java under a free-to-use license model, primarily for personal and development purposes. However, starting in 2019, Oracle announced a new subscription-based model for commercial users of Oracle Java SE. Under this model, users are required to pay for updates, support, and the continued use of Java in production environments.
Then in 2023, Oracle made another update by introducing a new Java SE Universal Subscription, a per-employee license that bundles support for multiple versions and deployment types. This new subscription replaced the legacy per-processor or per-user pricing, and it now applies to all employees—not just developers or IT users. The goal was to simplify Java licensing, but for many organizations, it significantly increased costs and licensing complexity.
This Oracle Java license change has sparked widespread concern, especially among companies that were previously unaware of their licensing obligations or believed Java remained free for commercial use. Businesses now face the dual challenge of identifying where Java is deployed and determining whether those deployments fall under Oracle’s commercial licensing requirements.
The Risks of Non-Compliance
The Oracle Java license change means organizations must carefully audit their environments. Java is often deeply embedded in custom applications, middleware, and legacy systems. Without proper tracking, many businesses may be using Oracle Java without realizing they owe subscription fees. Oracle has been known to audit companies and impose hefty penalties for non-compliance.
Being proactive is essential. Organizations must inventory all instances of Java, distinguish between Oracle Java and open-source alternatives like OpenJDK, and determine whether they fall within the scope of the new licensing model. This audit process should be thorough, as even unintentional use of Oracle Java can lead to compliance issues.
Oracle BYOL: A Cost-Effective Alternative
As part of Oracle’s broader licensing strategy, the company offers a Bring Your Own License (BYOL) model. Oracle BYOL allows organizations to use their existing Oracle licenses when deploying in supported cloud environments, including Oracle Cloud Infrastructure (OCI) and certain third-party cloud providers.
For companies already invested in Oracle technologies, Oracle BYOL presents an opportunity to reduce costs and maximize ROI. It allows you to repurpose your on-premise licenses for cloud-based Java deployments, eliminating the need for redundant subscriptions. This flexibility can significantly reduce licensing expenditures while providing access to enterprise-grade support and features.
Notably, Oracle BYOL applies not just to Java but also to Oracle Database, WebLogic, and other middleware products. In the context of the Oracle Java license change, BYOL becomes an essential strategy for cloud migrations and hybrid IT models.
How to Use Oracle BYOL with Java
To take advantage of Oracle BYOL for Java, organizations must first ensure they have eligible licenses. These licenses must be covered under active support and compliance terms. Once verified, you can apply them to eligible cloud environments, reducing or eliminating the cost of additional Java subscriptions in those environments.
Here are key steps to implement Oracle BYOL effectively:
Conduct a License Review: Work with Oracle or a trusted licensing partner to review your existing entitlements.
Identify BYOL Opportunities: Determine where Oracle Java is deployed and whether those environments support BYOL.
Update Policies and Procedures: Ensure your procurement and IT teams understand the BYOL process and update documentation accordingly.
Monitor Usage: Implement tools to track license usage and ensure ongoing compliance.
When done correctly, Oracle BYOL can serve as a powerful tool to mitigate the financial impact of the Oracle Java license change.
OpenJDK: A Viable Alternative
In light of the license change, many organizations are also exploring alternatives to Oracle Java, such as OpenJDK. OpenJDK is a free and open-source implementation of the Java Platform, and it serves as the base for Oracle Java. Several vendors, including Amazon (Corretto), Red Hat, and Azul, provide enterprise-grade builds of OpenJDK, offering free updates and support options.
Switching to OpenJDK can help avoid licensing fees altogether. However, organizations should evaluate compatibility, performance, and support needs before making the transition. In some cases, sticking with Oracle Java and using Oracle BYOL may offer better support and stability, particularly for mission-critical systems.
Final Thoughts
The Oracle Java license change has reshaped how businesses manage their Java deployments. With Oracle now enforcing stricter licensing terms and pricing models, organizations must take a proactive approach to compliance. At the same time, the Oracle BYOL model offers a valuable path for reducing costs, especially for businesses moving to the cloud.
By understanding these changes and leveraging available licensing strategies, organizations can maintain operational continuity while controlling IT expenses. Whether you choose to remain with Oracle Java or migrate to OpenJDK, having a clear strategy in place is the best way to navigate the evolving Java ecosystem
0 notes
Text
What Oracle Skills Are Currently In High Demand?
Introduction
Oracle technologies dominate the enterprise software landscape, with businesses worldwide relying on Oracle databases, cloud solutions, and applications to manage their data and operations. As a result, professionals with Oracle expertise are in high demand. Whether you are an aspiring Oracle professional or looking to upgrade your skills, understanding the most sought-after Oracle competencies can enhance your career prospects. Here are the top Oracle skills currently in high demand.
Oracle Database Administration (DBA)
Oracle Database Administrators (DBAs) are crucial in managing and maintaining Oracle databases. Unlock the world of database management with our Oracle Training in Chennai at Infycle Technologies. Organizations seek professionals to ensure optimal database performance, security, and availability. Key skills in demand include:
Database installation, configuration, and upgrades
Performance tuning and optimization
Backup and recovery strategies using RMAN
High-availability solutions such as Oracle RAC (Real Application Clusters)
Security management, including user access control and encryption
SQL and PL/SQL programming for database development
Oracle Cloud Infrastructure (OCI)
With businesses rapidly moving to the cloud, Oracle Cloud Infrastructure (OCI) has become a preferred choice for many enterprises. Professionals skilled in OCI can help organizations deploy, manage, and optimize cloud environments. Key areas of expertise include:
Oracle Cloud Architecture and Networking
OCI Compute, Storage, and Database services
Identity and Access Management (IAM)
Oracle Kubernetes Engine (OKE)
Security Best Practices and Compliance in Cloud Environments
Migration strategies from on-premises databases to OCI
Oracle SQL And PL/SQL Development
Oracle SQL and PL/SQL are fundamental database developers, analysts, and administrators skills. Companies need professionals who can:
Write efficient SQL queries for data retrieval & manipulation
Develop PL/SQL procedures, triggers, and packages
Optimize database performance with indexing and query tuning
Work with advanced SQL analytics functions and data modelling
Implement automation using PL/SQL scripts
Oracle ERP And E-Business Suite (EBS)
Enterprise Resource Planning (ERP) solutions from Oracle, such as Oracle E-Business Suite (EBS) and Oracle Fusion Cloud ERP, are widely used by organizations to manage business operations. Professionals with rising experience in these areas are highly sought after. Essential skills include:
ERP implementation and customization
Oracle Financials, HRMS, and Supply Chain modules
Oracle Workflow and Business Process Management
Reporting and analytics using Oracle BI Publisher
Integration with third-party applications
Oracle Fusion Middleware
Oracle Fusion Middleware is a comprehensive software suite that facilitates application integration, business process automation, and security. Professionals with experience in:
Oracle WebLogic Server administration
Oracle SOA Suite (Service-Oriented Architecture)
Oracle Identity and Access Management (IAM)
Oracle Data Integration and ETL tools
The job market highly values Java EE and Oracle Application Development Framework (ADF).
Oracle BI (Business Intelligence) And Analytics
Data-driven decision-making is critical for modern businesses, and Oracle Business Intelligence (BI) solutions help organizations derive insights from their data. In-demand skills include:
Oracle BI Enterprise Edition (OBIEE)
Oracle Analytics Cloud (OAC)
Data warehousing concepts and ETL processes
Oracle Data Visualization and Dashboarding
Advanced analytics using machine learning and AI tools within Oracle BI
Oracle Exadata And Performance Tuning
Oracle Exadata is a high-performance engineered system designed for large-scale database workloads. Professionals skilled in Oracle Exadata and performance tuning are in great demand. Essential competencies include:
Exadata architecture and configuration
Smart Flash Cache and Hybrid Columnar Compression (HCC)
Exadata performance tuning techniques
Storage indexing and SQL query optimization
Integration with Oracle Cloud for hybrid cloud environments
Oracle Security And Compliance
Organizations need Oracle professionals to ensure database and application security with increasing cybersecurity threats. Key security-related Oracle skills include:
Oracle Data Safe and Database Security Best Practices
Oracle Audit Vault and Database Firewall
Role-based access control (RBAC) implementation
Encryption and Data Masking techniques
Compliance with regulations like GDPR and HIPAA
Oracle DevOps And Automation
DevOps practices have become essential for modern software development and IT operations. Enhance your journey toward a successful career in software development with Infycle Technologies, the Best Software Training Institute in Chennai. Oracle professionals with DevOps expertise are highly valued for their ability to automate processes and ensure continuous integration and deployment (CI/CD). Relevant skills include:
Oracle Cloud DevOps tools and automation frameworks
Terraform for Oracle Cloud Infrastructure provisioning
CI/CD pipeline implementation using Jenkins and GitHub Actions
Infrastructure as Code (IaC) practices with Oracle Cloud
Monitoring and logging using Oracle Cloud Observability tools
Oracle AI And Machine Learning Integration
Artificial intelligence (AI) and machine learning (ML) are transforming businesses' operations, and Oracle has integrated AI/ML capabilities into its products. Professionals with expertise in:
Oracle Machine Learning (OML) for databases
AI-driven analytics in Oracle Analytics Cloud
Chatbots and AI-powered automation using Oracle Digital Assistant
Data Science and Big Data processing with Oracle Cloud are highly demanding for data-driven decision-making roles.
Conclusion
The demand for Oracle professionals grows as businesses leverage Oracle's powerful database, cloud, and enterprise solutions. Whether you are a database administrator, cloud engineer, developer, or security expert, acquiring the right Oracle skills can enhance your career opportunities and keep you ahead in the competitive job market. You can position yourself as a valuable asset in the IT industry by focusing on high-demand skills such as Oracle Cloud Infrastructure, database administration, ERP solutions, and AI/ML integration. If you want to become an expert in Oracle technologies, consider enrolling in Oracle certification programs, attending workshops, and gaining hands-on experience to strengthen your skill set and stay ahead in the industry.
0 notes
Text
Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
http://securitytc.com/THDyWX
0 notes
Text
What is Oracle Fusion Middleware?
Oracle Fusion Middleware (OFM) is a comprehensive suite of software solutions designed to facilitate enterprise-level software development and integration. Built on Java EE standards, it provides a set of services and tools that allow businesses to manage complex IT environments, integrate disparate systems, and streamline business processes. It bridges the gap between different enterprise applications, databases, and even cloud services, ensuring that businesses can adapt to evolving IT landscapes with minimal disruption.
Here, we’ll explore the components of Oracle Fusion Middleware, its key benefits, and why it’s a vital tool for modern businesses.
Key Components of Oracle Fusion Middleware
Oracle Fusion Middleware is composed of several layers of software and services, each addressing different aspects of business IT infrastructure. Some of the core components include:
1. Oracle WebLogic Server
The cornerstone of OFM, Oracle WebLogic Server, is an application server that provides a runtime environment for building and deploying enterprise Java EE applications. It's known for its scalability, reliability, and ability to handle mission-critical applications. WebLogic offers capabilities for developing, deploying, and managing large-scale applications in a distributed computing environment.
2. Oracle SOA Suite
Service-Oriented Architecture (SOA) is critical for integrating disparate systems across an organization. Oracle SOA Suite simplifies the process of building, deploying, and managing integrations by allowing services to communicate with each other, even if they are written in different programming languages or run on different platforms. SOA Suite includes essential tools like BPEL (Business Process Execution Language), enterprise service buses (ESBs), and adapters that connect various enterprise systems.
3. Oracle BPM Suite
Oracle Business Process Management (BPM) Suite extends the capabilities of the SOA suite to include the modeling, simulation, and execution of business processes. It enables organizations to automate and optimize their business workflows, improve agility, and enhance operational efficiency. With Oracle BPM, businesses can streamline their decision-making processes and ensure alignment with strategic goals.
4. Oracle Identity Management
Security is a top priority in today’s digital business environment. Oracle Identity Management (OIM) provides a platform to manage user identities, access privileges, and ensure compliance with regulatory requirements. It includes features for single sign-on (SSO), role-based access control (RBAC), and user provisioning, making it easier to manage security across a distributed IT environment.
5. Oracle Business Intelligence (BI)
Oracle's BI components help businesses gain insights from their data. Oracle BI Suite Enterprise Edition (OBIEE) is a platform that provides interactive dashboards, ad-hoc query capabilities, and reporting tools. It enables decision-makers to make data-driven decisions by analyzing trends, KPIs, and business performance metrics.
6. Oracle Data Integrator (ODI)
ODI simplifies the process of extracting, transforming, and loading (ETL) data between systems. It’s designed to handle large-scale data integration challenges, offering high-performance batch processing as well as real-time integration solutions. ODI ensures that data flows seamlessly between databases, enterprise applications, and cloud services, enabling organizations to maintain data consistency and integrity.
7. Oracle Content and Experience
Content management and collaboration are critical in today’s digital workplace. Oracle Content and Experience is a cloud-based solution that allows organizations to manage content, collaborate, and deliver personalized user experiences across various digital channels. It serves as a hub for sharing and managing documents, images, videos, and other content while ensuring consistency and governance.
Key Benefits of Oracle Fusion Middleware
1. Integration Across Heterogeneous Systems
One of the greatest advantages of OFM is its ability to integrate different systems, even those running on disparate technologies. Whether it’s connecting legacy systems with modern cloud-based applications or integrating on-premise databases with third-party services, OFM provides the tools necessary to create a seamless IT ecosystem.
2. Scalability and Flexibility
As enterprises grow, their IT infrastructure needs to scale accordingly. Oracle Fusion Middleware offers unparalleled scalability, allowing organizations to expand their applications, services, and data management solutions without having to re-architect the entire system. Its cloud-ready architecture also ensures flexibility, giving businesses the option to deploy their solutions on-premise, in the cloud, or in hybrid environments.
3. Enhanced Security and Compliance
With a strong focus on identity management and access control, Oracle Fusion Middleware ensures that businesses can maintain robust security measures across their IT landscape. The comprehensive security features allow for centralized control of user identities and permissions, making it easier to comply with industry regulations and internal policies.
4. Improved Business Agility
With tools like the Oracle SOA and BPM suites, OFM enables businesses to automate and streamline their operations. By simplifying business processes and eliminating manual intervention, businesses can respond to market changes more quickly and innovate faster.
5. Reduced Complexity
Oracle Fusion Middleware provides a unified platform that reduces the complexity of managing multiple systems and platforms. This results in easier maintenance, faster deployment, and reduced overhead in managing IT infrastructure.
Use Cases of Oracle Fusion Middleware
1. Application Integration
For large organizations with multiple legacy applications, integrating these systems with newer cloud-based services can be challenging. Oracle Fusion Middleware’s SOA and data integration tools allow for smooth integration, enabling different systems to communicate and share data efficiently.
2. Process Automation
Businesses in industries like manufacturing, finance, and retail rely on process automation to maintain efficiency. Oracle BPM and SOA Suites help automate manual workflows, reducing operational costs and improving time to market.
3. Data-Driven Decision Making
In today’s competitive market, businesses must leverage data to make informed decisions. Oracle BI tools enable organizations to gather insights from their vast amounts of data, giving them a competitive edge through analytics, reporting, and data visualization.
4. Hybrid Cloud Environments
Many organizations are adopting hybrid cloud strategies that combine on-premise infrastructure with cloud services. Oracle Fusion Middleware supports hybrid environments, offering the flexibility to integrate and manage applications across different cloud providers and on-premises systems.
ConclusionOracle Fusion Middleware is a powerful and comprehensive suite of tools that empowers enterprises to manage their IT infrastructure efficiently. It serves as the backbone for organizations looking to integrate, secure, and optimize their business processes. With capabilities that extend from integration and security to business intelligence and content management, OFM ensures that businesses can meet the challenges of digital transformation and stay competitive in an ever-evolving market. To Your bright future join Oracle Fusion Financials.
#careergrowth#erptraining#financecareers#erptree#oraclefusion#jobguarantee#oraclefusionfinancials#financejobs#hyderabadtraining#100jobguarantee
0 notes
Text
Oracle Fusion SCM: Technical Architecture and Integration
Oracle Fusion Supply Chain Management (SCM) is a powerful tool designed to modernize and improve supply chain operations. Its strong technical structure and easy integration features help businesses optimize their supply chains effectively.
Technical Architecture
Oracle Fusion SCM is built on Oracle’s Fusion Middleware, providing a flexible, scalable, and secure foundation for business applications. Key parts of its structure include:
1. Service-Oriented Architecture (SOA): Oracle Fusion SCM uses SOA, which makes it easy to share and reuse services across different modules. This design allows for easier management and updates of individual parts without affecting the entire system.
2. Oracle Cloud Infrastructure (OCI): Hosted on OCI, the platform ensures high performance, reliability, and security. OCI provides strong computing power, storage, and networking, essential for managing large-scale supply chains.
3. Application Development Framework (ADF): Oracle ADF is used to create user interfaces and business logic. This framework simplifies the development process and improves the user experience with a rich set of tools.
4. Oracle Database: The core of Oracle Fusion SCM is the Oracle Database, known for its reliability, scalability, and strong data management features. It supports complex transactions and ensures data consistency across the supply chain.
Integration Capabilities
Oracle Fusion SCM excels at integration, helping businesses connect different systems and streamline operations. Key integration features include:
1. Oracle Integration Cloud (OIC): OIC provides a platform for integrating applications, data, and processes. It has pre-built connectors for various Oracle and third-party applications, making integration easier and faster.
2. Application Programming Interfaces (APIs): Oracle Fusion SCM offers many RESTful and SOAP APIs for seamless data exchange between systems. These APIs help businesses integrate their existing ERP systems, CRM solutions, and other applications with Oracle Fusion SCM.
3. Data Integration Tools: Oracle Data Integrator (ODI) and Oracle GoldenGate are essential for data integration. ODI handles data movement and transformation, while GoldenGate supports real-time data replication and synchronization, ensuring all systems have up-to-date information.
4. Process Integration: Oracle BPM Suite integrates business processes across different applications, enabling workflow automation and process orchestration. This streamlines supply chain operations and reduces the need for manual intervention.
5. Middleware Solutions: Oracle Fusion Middleware includes tools like Oracle SOA Suite, Oracle WebLogic Server, and Oracle Service Bus, which help connect different systems and manage integration processes.
Conclusion
Oracle Fusion SCM’s technical architecture and integration capabilities make it a powerful solution for modernizing supply chain management. Its modular SOA design, robust infrastructure on OCI, and extensive integration options help businesses manage their supply chains efficiently and adapt to market changes. By using these features, organizations can achieve higher operational efficiency, flexibility, and a competitive edge in the global market.
Elevate your supply chain management expertise with Triotech Software’s comprehensive online training for Oracle Fusion SCM. Our expert-led courses are designed to provide in-depth knowledge and hands-on experience with Oracle’s powerful SCM solutions. Whether you’re a beginner looking to get started or a professional aiming to refine your skills, our training covers everything from basic functionalities to advanced integration techniques. With flexible learning schedules, interactive sessions, and real-world case studies, Triotech Software ensures you gain practical skills that can be immediately applied in your workplace. Join us to master Oracle Fusion SCM and propel your career to new heights with industry-leading training from Triotech Software.
0 notes
Photo
Source details and larger version.
You predicted correctly that I have a collection of vintage oracles and fortune tellers.
28 notes
·
View notes
Text
Top 5 lỗ hổng thực thi từ xa nguy hiểm nhất đầu năm 2020, có lỗ hổng còn tự động lây nhiễm sang máy tính khác mà người dùng không hề biết
Trong thế giới an ninh mạng, các lỗ hổng thực thi từ xa là loại nguy hiểm nhất khi tin tặc có thể tấn công nạn nhân mà không cần tiếp cận vật lý đến máy tính của người dùng.
Thực thi mã từ xa - Remote Code Execution (viết tắt là RCE) là loại lỗ hổng nguy hiểm nhất, cho phép hacker chiếm quyền điều khiển máy chủ ứng dụng, từ đó có thể lấy các dữ liệu quan trọng của tổ chức hoặc làm bàn đạp để tấn công sâu hơn vào hệ thống doanh nghiệp.
Dưới đây là top 5 lỗ hổng RCE nguy hiểm mới được phát hiện từ đầu năm 2020 do Chuyên gia của công ty cổ phần an ninh mạng Việt Nam VSEC đánh giá dựa trên độ phức tạp, sự phổ biến và quy mô tác động của những lỗ hổng này.
I. CVE 2019-2725: Lỗ hổng thực thi mã từ xa trên ORACLE WebLogic
Cụ thể, lỗ hổng bảo mật này nằm trong thành phần WLS9-ASYNC trên máy chủ Weblogic của Oracle cho phép kẻ tấn công nhập dữ liệu XML độc hại thông qua đường dẫn được thiết kế đặc biệt mà không cần bất kỳ quyền nào, từ đó có thể xâm nhập và thực thi các mã lệnh tùy ý lên máy chủ Weblogic.
Lỗ hổng này rất dễ bị kẻ tấn công khai thác, vì bất kỳ ai có quyền truy cập HTTP vào máy chủ WebLogic đều có thể thực hiện một cuộc tấn công. Hơn nữa nó còn không cần tương tác từ phía người dùng, như mở tệp đính kèm hay click vào liên kết độc hại, để tải xuống mã độc. Do đó, lỗi này có điểm CVSS là 9,8 /10.
Xem thêm: Dịch vụ quản trị hệ thống HPT
II. CVE 2020-0796: Lỗ hổng thực thi mã từ xa trên giao thức SMB của Windows
CVE 2020-0796 (RCE) là lỗ hổng được đánh giá là nghiêm trọng nhất khi hacker có thể thực thi mã độc từ xa mà không cần xác thực trên Windows 10, không những thế còn có thể tự động lây nhiễm sang máy tính khác.
SMB (Server Message Block) chạy trên cổng 445, là một giao thức mạng hỗ trợ việc chia sẻ file, duyệt mạng, in và giao tiếp qua mạng. Lỗ hổng này còn gọi là SMBGhost, và bắt nguồn từ cách thức SMBv3 xử lý các truy vấn của tính năng nén dữ liệu phần header (compression header), cho phép kẻ tấn công từ xa có thể thực thi mã độc trên máy chủ hoặc máy khách với đặc quyền trên cả Hệ thống.
III. CVE 2020-1938: Lỗ hổng Ghostcat đọc và chèn tập tin trên Apache Tomcat
CVE-2020-1938, hay còn gọi là Ghostcat, là một lỗ hổng trong giao thức AJP (JavaServer Pages) của Apache Tomcat - một phần mềm web server mã nguồn mở miễn phí, được sử dụng để chạy các ứng dụng web lập trình bằng ngôn ngữ java. Lỗ hổng này có điểm số 9,8/10, mức gần như cao nhất.
Theo các chuyên gia Công ty cổ phần An ninh mạng VSEC, lỗ hổng Ghostcat hiện đã được phát hiện trên tất cả phiên bản (9.x/8.x/7.x/6.x) của Apache Tomcat phát hành trong suốt 13 năm qua, và điều đặc biệt nghiêm trọng là các mã khai thác đã xuất hiện và được chia sẻ tràn lan trên internet, từ đó các tin tặc có thể tìm kiếm và triển khai các phương thức xâm nhập vào máy chủ web một cách dễ dàng.
IV. CVE-2020-7961 Lỗ hổng chuyển đổi cấu trúc dữ liệu không đáng tin cậy trên Liferay
CVE-2020-7961 là lỗi chuyển đổi cấu trúc dữ liệu trên nền tảng Liferay - một cổng thông tin mã nguồn mở được sử dụng rộng rãi. Lỗ hổng này cho phép kể tấn công lợi dụng các hàm chuyển đổi cấu trúc dữ liệu mà Liferay sử dụng để chèn mã độc, chiếm quyền điều khiển hoàn toàn ứng dung và thực thi mã lệnh từ xa đến server, thực hiện các hành vi như thay đổi giao diện trang web, đánh cắp dữ liệu,...
Lỗ hồng này tồn tại trên các phiên bản Liferay 7.2.1 CE GA2 trở về trước và hiện tại Liferay đã tung ra các bản vá kịp thời ở các phiên bản Liferay Portal 7.1 GA4, 7.0 GA7 và 6.2 GA6.
V. CVE-2019-11469: Lỗ hổng SQL Injection trên ứng dụng ManageEngine Application Manager (MEAM)
Lỗ hổng SQL Injection tồn tại ở các ứng dụng quản trị hệ thống doanh nghiệp sử dụng ManageEngine Application Manager phiên bản 14072 trở về trước, cho phép kẻ tấn công có thể nhập dữ liệu vào cơ sở dữ liệu của trang web qua các thông số gửi lên server.
Tin tặc sẽ lợi dụng lỗ hổng này để chiếm quyền điều khiển server bằng cách thêm vào một tài khoản quản trị với quyền cao nhất. Vì ManageEngine yêu cầu quyền đăng nhập đến các máy chủ được giám sát, nên hacker dễ dàng có thể chiếm quyền toàn bộ hạ tầng các máy chủ, từ đó trích xuất dữ liệu quan trọng cũng như cài đặt mã độc lên toàn hệ thống.
Hiện các lỗ hổng trong những phần mềm và nền tảng trên đều đã có bản vá từ nhà phát triển, vì vậy, nếu đang sử dụng chúng, VSEC khuyến cáo các doanh nghiệp nên sớm cập nhật lên phiên bản mới nhất, cũng như vô hiệu hóa các module tính năng gây nên những lỗ hổng trên.
0 notes
Text
DevOps Engineer - PeopleSoft Administration, Oracle Cloud Infra
Job title: DevOps Engineer – PeopleSoft Administration, Oracle Cloud Infra Company: UnitedHealth Group Job description: , PUM upgrade experience Experience on working with Tuxedo, WebLogic, App Designer, Data Mover, and Oracle Database… Expected salary: Location: Hyderabad, Telangana Job date: Thu, 01 May 2025 22:31:28 GMT Apply for the job now!
0 notes
Text
Understand the Oracle Java License Change and Maximize Savings with Oracle BYOL
In recent years, Oracle has made significant changes to how it licenses Java, a move that has caught many organizations off guard. The Oracle Java license change represents a strategic shift that affects how businesses access and use Java in their IT environments. At the same time, Oracle offers the Bring Your Own License (BYOL) model to help companies manage licensing costs while maintaining compliance. Understanding both the licensing changes and the BYOL model is crucial for IT leaders, developers, and procurement teams aiming to avoid unexpected costs and maintain operational efficiency.
Oracle Java License Change: What You Need to Know
Historically, Oracle provided Java under a free-to-use license model, primarily for personal and development purposes. However, starting in 2019, Oracle announced a new subscription-based model for commercial users of Oracle Java SE. Under this model, users are required to pay for updates, support, and the continued use of Java in production environments.
Then in 2023, Oracle made another update by introducing a new Java SE Universal Subscription, a per-employee license that bundles support for multiple versions and deployment types. This new subscription replaced the legacy per-processor or per-user pricing, and it now applies to all employees—not just developers or IT users. The goal was to simplify Java licensing, but for many organizations, it significantly increased costs and licensing complexity.
This Oracle Java license change has sparked widespread concern, especially among companies that were previously unaware of their licensing obligations or believed Java remained free for commercial use. Businesses now face the dual challenge of identifying where Java is deployed and determining whether those deployments fall under Oracle’s commercial licensing requirements.
The Risks of Non-Compliance
The Oracle Java license change means organizations must carefully audit their environments. Java is often deeply embedded in custom applications, middleware, and legacy systems. Without proper tracking, many businesses may be using Oracle Java without realizing they owe subscription fees. Oracle has been known to audit companies and impose hefty penalties for non-compliance.
Being proactive is essential. Organizations must inventory all instances of Java, distinguish between Oracle Java and open-source alternatives like OpenJDK, and determine whether they fall within the scope of the new licensing model. This audit process should be thorough, as even unintentional use of Oracle Java can lead to compliance issues.
Oracle BYOL: A Cost-Effective Alternative
As part of Oracle’s broader licensing strategy, the company offers a Bring Your Own License (BYOL) model. Oracle BYOL allows organizations to use their existing Oracle licenses when deploying in supported cloud environments, including Oracle Cloud Infrastructure (OCI) and certain third-party cloud providers.
For companies already invested in Oracle technologies, Oracle BYOL presents an opportunity to reduce costs and maximize ROI. It allows you to repurpose your on-premise licenses for cloud-based Java deployments, eliminating the need for redundant subscriptions. This flexibility can significantly reduce licensing expenditures while providing access to enterprise-grade support and features.
Notably, Oracle BYOL applies not just to Java but also to Oracle Database, WebLogic, and other middleware products. In the context of the Oracle Java license change, BYOL becomes an essential strategy for cloud migrations and hybrid IT models.
How to Use Oracle BYOL with Java
To take advantage of Oracle BYOL for Java, organizations must first ensure they have eligible licenses. These licenses must be covered under active support and compliance terms. Once verified, you can apply them to eligible cloud environments, reducing or eliminating the cost of additional Java subscriptions in those environments.
Here are key steps to implement Oracle BYOL effectively:
Conduct a License Review: Work with Oracle or a trusted licensing partner to review your existing entitlements.
Identify BYOL Opportunities: Determine where Oracle Java is deployed and whether those environments support BYOL.
Update Policies and Procedures: Ensure your procurement and IT teams understand the BYOL process and update documentation accordingly.
Monitor Usage: Implement tools to track license usage and ensure ongoing compliance.
When done correctly, Oracle BYOL can serve as a powerful tool to mitigate the financial impact of the Oracle Java license change.
OpenJDK: A Viable Alternative
In light of the license change, many organizations are also exploring alternatives to Oracle Java, such as OpenJDK. OpenJDK is a free and open-source implementation of the Java Platform, and it serves as the base for Oracle Java. Several vendors, including Amazon (Corretto), Red Hat, and Azul, provide enterprise-grade builds of OpenJDK, offering free updates and support options.
Switching to OpenJDK can help avoid licensing fees altogether. However, organizations should evaluate compatibility, performance, and support needs before making the transition. In some cases, sticking with Oracle Java and using Oracle BYOL may offer better support and stability, particularly for mission-critical systems.
Final Thoughts
The Oracle Java license change has reshaped how businesses manage their Java deployments. With Oracle now enforcing stricter licensing terms and pricing models, organizations must take a proactive approach to compliance. At the same time, the Oracle BYOL model offers a valuable path for reducing costs, especially for businesses moving to the cloud.
By understanding these changes and leveraging available licensing strategies, organizations can maintain operational continuity while controlling IT expenses. Whether you choose to remain with Oracle Java or migrate to OpenJDK, having a clear strategy in place is the best way to navigate the evolving Java ecosystem.
0 notes
Text
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware
The Hacker News : The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. "This vulnerability allows remote authenticated http://dlvr.it/T0KfgM Posted by : Mohit Kumar ( Hacker )
0 notes
Text
U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog
http://i.securitythinkingcap.com/THDkHq
0 notes