Skip to main content
Click here if you are having trouble viewing this site
Older versions of Internet Explorer will not support certain site features. Chrome, Safari, Firefox, and Edge will provide the best experience.
Resources
Spok

Technical Note: Smart Suite – Oracle WebLogic Security Information by Version

  1. Last updated
  2. Save as PDF

Upcoming Update to Smart Suite: 

Spok is currently in the process of, or recently completed, upgrading your Smart Suite application set to version 7.0.2. This product is currently packaged with Oracle WebLogic version 12.2. 

Spok is planning to release an in-place upgrade to the new Smart Suite 7.1 version, including the most recent Oracle WebLogic version 12.2.1.3 in the next 3-6 months. This upgrade process does not require restaging your current infrastructure (servers) and Spok will manage and execute the upgrade on your behalf. The Smart Suite 7.1 upgrade will need to be coordinated with our Spok Professional Services team. Our Spok Professional Services Project Managers will coordinate this upgrade with customers when Smart Suite 7.1 is declared generally available for commercial use.  It is anticipated that the 7.0.2 to 7.1 upgrade will require Smart Suite to be down 30-60 minutes.  If the system requires updates to the Oracle patch set additional time may be required.

Spok has reviewed the published vulnerabilities associated with WebLogic Versions 12.2.1.1 and 12.2.1.3, and determined that the security risk between the two versions is negligible. The most notable risks are shared by both WebLogic versions and pertain to an Oracle proprietary communications protocol. 

The best way to mitigate the security threat is to not allow SmartWeb to be publicly-facing. All published security threats require an attacker to have access to the network on which SmartWeb resides.  

In summary, Spok views the documented vulnerabilities for WebLogic Versions 12.2.1.1 and 12.2.1.3 to be commonly present in both versions. Spok’s recommended security remediation procedure for Smart Suite 7.0.2 and 7.1 is to ensure that SmartWeb does not have access to the public Internet. For customers who are deployed, or will be deployed on Smart Suite version 7.0.2, we recommend that you remain on this version until Smart Suite 7.1 is commercially available with the in-place upgrade process.