CVE-2019-2648

Published: 23/04/2019 Updated: 24/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vulnerable Product

oracle weblogic server 12.2.1.3.0

oracle weblogic server 10.3.6.0.0

oracle weblogic server 12.1.3.0.0

Recent Articles

Half of Oracle E-Business customers open to months-old bank fraud flaw
The Register • Shaun Nichols in San Francisco • 20 Nov 2019

Haven't gotten around to patching since last Spring? Now would be a good time

Thousands of Oracle E-Business Suite customers are vulnerable to a security bug that can be exploited for bank fraud. Security company Onapsis estimates that roughly half of all companies using the Oracle EBS software have not yet patched CVE-2019-2648 and CVE-2019-2633, despite Big Red having pushed out fixes for both bugs back in April. The two vulnerabilities are found in the Thin Client Framework API and are described as reflected SQL injections. An attacker who could remotely access the EBS se...