Print - 【Vulnerability Alert】Oracle Releases a Critical Security Advisory for Multiple Products (CVE-2026-21962) (CVE-2026-21969)

【Vulnerability Alert】Oracle Releases a Critical Security Advisory for Multiple Products (CVE-2026-21962) (CVE-2026-21969)

publish date : 2026-01-26 update date : 2026-01-26

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2026012204014343	Publication Time	2026/01/22 16:46
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026/01/22 16:46
Impact Level	Low
[Subject] 【Vulnerability Alert】Oracle Releases a Critical Security Advisory for Multiple Products (CVE-2026-21962) (CVE-2026-21969)
[Content] Forwarded from TWCERTCC-200-202601-00000019 【CVE-2026-21962, CVSS: 10.0】This vulnerability exists in Oracle Fusion Middleware products, including Oracle HTTP Server and Oracle WebLogic Server Proxy Plug-in. It allows unauthenticated attackers to access the affected services via HTTP. If successfully exploited, the vulnerability may result in the unauthorized creation, deletion, modification, and access of sensitive data. 【CVE-2026-21969, CVSS: 9.8】This vulnerability exists in Oracle Supply Chain products, specifically Oracle Agile Product Lifecycle Management for Process. It allows unauthenticated attackers to gain access to the system via HTTP, potentially leading to full system compromise." (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] Oracle Fusion Middleware 12.2.1.4.0Oracle Fusion Middleware 14.1.1.0.0Oracle Fusion Middleware 14.1.2.0.0Oracle Supply Chain 6.2.4
[Recommended Actions] Apply the remediation measures in accordance with the solution released on the official website: https://www.twcert.org.tw/tw/cp-169-10649-8c72e-1.html
[Reference] https://www.twcert.org.tw/tw/cp-169-10649-8c72e-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center