topic Re: How to upgrade Oracle WebLogic-ESXi in ESXi Discussions

How to upgrade Oracle WebLogic-ESXi

JohannaLeon — Thu, 19 Nov 2020 16:15:38 GMT

Good morning,

My question is regarding Oracle WebLogic: Oracle Security Alert Advisory - CVE-2020-14750. This is a vulnerability that the system found. So, the solution to this vulnerability is to upgrade Oracle WebLogic for one of the versions below. I have 3 servers with ESXi 6.7 EP 17 build number 17098360. I was researching how can I do it. However, I could not find it. I suppose when I upgraded ESXi to the latest version. Oracle was upgraded like part of the internal packages of ESXi. What is the command to get the Oracle WebLogic version in ESXi?

oracle-WebLogic-10_3_6_0_0-apply-patch-32097188
oracle-WebLogic-12_1_3_0_0-apply-patch-32097177

I appreciated if you can confirm my assumption or guide me on how can I proceed in order to resolve it.

Thanks in advance for your time and support.

Re: How to upgrade Oracle WebLogic-ESXi

a_p_ — Sat, 21 Nov 2020 16:41:13 GMT

Unless I'm missing something, ESXi neither has Oracle Weblogic installed, nor does it support this in the Hypervisor.
Can you please clarify what exactly you are looking for?

André

Re: How to upgrade Oracle WebLogic-ESXi

scott28tt — Sat, 21 Nov 2020 17:16:52 GMT

@JohannaLeon

If you are running WebLogic in VMs that just happen to be running on ESXi hosts, your patching will be applied via the guest OS you have running in those VMs.

Re: How to upgrade Oracle WebLogic-ESXi

JohannaLeon — Tue, 01 Dec 2020 21:31:03 GMT

Hello Andre and Scott,

Responding your question. We have MS SQL Server and Crystal Server running as a VM in the ESXi host. We'll apply the patches to those two VM's and hopefully the Weblogic vulnerability on the ESXi host will go away too.

Will let you know.

Thank you!

Re: How to upgrade Oracle WebLogic-ESXi

scott28tt — Tue, 01 Dec 2020 21:37:53 GMT

@JohannaLeon

But did “the system” find the vulnerability inside the ESXi software, or inside the software you run inside your VMs?

If the latter, this issue and the solution to it has nothing to do with ESXi.

Re: How to upgrade Oracle WebLogic-ESXi

JohannaLeon — Wed, 02 Dec 2020 14:56:48 GMT

This vulnerability was found both in ESXi and inside of the VMs.

Re: How to upgrade Oracle WebLogic-ESXi

scott28tt — Wed, 02 Dec 2020 16:18:20 GMT

@JohannaLeon

I suspect "the system" is only flagging up the ESXi hosts as it understands that's where the VMs are running, and therefore a false positive, but seeing as you give no clues as to what "the system" is I'm guessing...

Re: How to upgrade Oracle WebLogic-ESXi

JohannaLeon — Wed, 02 Dec 2020 19:27:15 GMT

The program that our customer used to scan our system is InsightVM.

After doing the research and looked up the Oracle WebLogic in our VMs (SQL and Crystal) servers. So, we found that Oracle WebLogic wasn't installed on those servers, but we found some config files in some application file folders with this name. For our VM Servers, we used as web browser server Apache Tomcat.

Re: How to upgrade Oracle WebLogic-ESXi

scott28tt — Wed, 02 Dec 2020 20:56:26 GMT

@JohannaLeon

I would ask them for more evidence as to what ESXi vulnerabilities they think you have in your environment, and review the advisories here: https://www.vmware.com/security/advisories.html