Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Vulnerable Product |
---|
oracle agile plm 9.3.3 |
oracle agile plm 9.3.4 |
oracle agile plm 9.3.5 |
oracle communications converged application server 5.1 |
oracle communications converged application server 7.0 |
oracle communications converged application server 7.1 |
oracle peoplesoft enterprise peopletools 8.56 |
oracle peoplesoft enterprise peopletools 8.57 |
oracle peoplesoft enterprise peopletools 8.58 |
oracle storagetek tape analytics sw tool 2.3 |
oracle tape library acsls 8.5 |
oracle tape virtual storage manager gui 6.2 |
oracle vm virtualbox |
oracle vm virtualbox 5.2.36 |
oracle weblogic server 10.3.6.0.0 |
oracle weblogic server 12.1.3.0.0 |

Plus: Bunch of Cisco fixes for Patch Tuesday week, Fitbit kit hit, RAT malware written in Golang, and more
In brief NordVPN has hit the go-live button for the first of its colocated servers. The move means the VPN provider can take tighter control over the service as it now only rents space for its own custom servers, rather than renting someone else's server in a data centre. The difference being that NordVPN gets to control all the hardware and settings. This dates back to October 2019, when NordVPN was embarrassed by hackers who managed to get into a rented server that was being used to host the V...
At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in May 2018, right after Israeli security agencies announced that Hamas had installed spyware on the smartphones of Israeli soldiers, and we released a private report on our Threat Intelligence Portal. We believe the mal...
Emergency security fix emitted for remote code exec hole exploited in the wild
Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic Server component for Fusion Middleware – a flaw miscreants are exploiting in the wild to hijack systems. The programming blunder, designated CVE-2019-2729, is present in WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability itself is caused by a deserialization bug in the XMLDecoder for WebLogic Server Web Services. When exploited, a remote attacker can e...
Big Red rushes out software patch as ransomware scumbags move in
IT admins overseeing Oracle's WebLogic Server installations need to get patching immediately: miscreants are exploiting what was a zero-day vulnerability in the software to pump ransomware into networks. The Cisco Talos security team said one of its customers discovered it had been infected via the bug on April 25, though the exploit is believed to have been kicking around the web since April 17. The programming blunder at the heart of the matter is a deserialization vulnerability that can be explo...