Highlighted
Contributor
Contributor

How to upgrade Oracle WebLogic-ESXi

Good morning,

 

My question is regarding Oracle WebLogic: Oracle Security Alert Advisory - CVE-2020-14750. This is a vulnerability that the system found. So, the solution to this vulnerability is to upgrade Oracle WebLogic for one of the versions below. I have 3 servers with ESXi 6.7 EP 17 build number 17098360. I was researching how can I do it. However, I could not find it. I suppose when I upgraded ESXi to the latest version. Oracle was upgraded like part of the internal packages of ESXi. What is the command to get the Oracle  WebLogic version in ESXi?

  • oracle-WebLogic-10_3_6_0_0-apply-patch-32097188
  • oracle-WebLogic-12_1_3_0_0-apply-patch-32097177

I appreciated if you can confirm my assumption or guide me on how can I proceed in order to resolve it. 

Thanks in advance for your time and support.

 

0 Kudos
8 Replies
Highlighted
User Moderator
User Moderator

Unless I'm missing something, ESXi neither has Oracle Weblogic installed, nor does it support this in the Hypervisor.
Can you please clarify what exactly you are looking for?

André

0 Kudos
Highlighted
VMware Employee
VMware Employee

@JohannaLeon 

If you are running WebLogic in VMs that just happen to be running on ESXi hosts, your patching will be applied via the guest OS you have running in those VMs.

0 Kudos
Highlighted
Contributor
Contributor

Hello Andre and Scott,

Responding your question.  We have MS SQL Server and Crystal Server running as a VM in the ESXi host. We'll apply the patches to those two VM's and hopefully the Weblogic vulnerability on the ESXi host will go away too.

Will let you know.

Thank you!

 

0 Kudos
Highlighted
VMware Employee
VMware Employee

@JohannaLeon 

But did “the system” find the vulnerability inside the ESXi software, or inside the software you run inside your VMs?

If the latter, this issue and the solution to it has nothing to do with ESXi.

0 Kudos
Highlighted
Contributor
Contributor

This vulnerability was found both in ESXi and inside of the VMs.

0 Kudos
Highlighted
VMware Employee
VMware Employee

@JohannaLeon 

I suspect "the system" is only flagging up the ESXi hosts as it understands that's where the VMs are running, and therefore a false positive, but seeing as you give no clues as to what "the system" is I'm guessing...

0 Kudos
Highlighted
Contributor
Contributor

The program that our customer used to scan our system is InsightVM.

After doing the research and looked up the Oracle WebLogic in our VMs (SQL and Crystal) servers. So, we found that Oracle WebLogic wasn't installed on those servers, but we found some config files in some application file folders with this name. For our VM Servers, we used as web browser server Apache Tomcat.

0 Kudos
Highlighted
VMware Employee
VMware Employee

@JohannaLeon 

I would ask them for more evidence as to what ESXi vulnerabilities they think you have in your environment, and review the advisories here: https://www.vmware.com/security/advisories.html

 

0 Kudos