CVE-2018-2894 WebLogic Unrestricted File Upload Lead To RCE Check Script
CVE-2018-2894 (WebLogic unauthorized access leading to arbitrary file upload/RCE vulnerability) check script
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Vulnerable Product |
---|
oracle weblogic server 12.2.1.2.0 |
oracle weblogic server 12.2.1.3 |
oracle weblogic server 12.1.3.0.0 |
oracle weblogic server 10.3.6.0.0 |
App security firm sanctioned in US over ties with Russia
US tech companies sucked into Russian sanctions row
Sir, you've been using Kaspersky Lab antivirus. Please come with us, sir
Oracle fixed 17 flaws in its products found by ERPScan researchers without acknowledging the application security firm, which was recently and controversially sanctioned in the US. ERPScan said vulnerabilities it uncovered affect six different business applications. Left unpatched, they potentially allow attackers access to sensitive business data. The bugs range from remote code execution and cross-site scripting to authentication bypass and memory corruption. The flaws spotted by ERPScan are a...