Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product |
---|
oracle identity manager 11.1.2.3.0 |
oracle weblogic server 12.1.3.0.0 |
oracle peoplesoft enterprise peopletools 8.56 |
oracle weblogic server 10.3.6.0.0 |
oracle weblogic server 12.2.1.3.0 |
oracle peoplesoft enterprise peopletools 8.57 |
oracle identity manager 12.2.1.3.0 |
oracle peoplesoft enterprise peopletools 8.58 |
oracle rapid planning 12.1 |
oracle communications diameter signaling router 8.2 |
oracle communications diameter signaling router 8.2.1 |
oracle rapid planning 12.2 |
oracle communications network integrity |
oracle hyperion infrastructure technology 11.1.2.4 |
oracle hyperion infrastructure technology 11.2.5.0 |
oracle communications diameter signaling router 8.1 |
oracle communications diameter signaling router 8.0 |
oracle storagetek tape analytics sw tool 2.3 |
oracle tape library acsls 8.5 |

At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in May 2018, right after Israeli security agencies announced that Hamas had installed spyware on the smartphones of Israeli soldiers, and we released a private report on our Threat Intelligence Portal. We believe the mal...
Emergency security fix emitted for remote code exec hole exploited in the wild
Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic Server component for Fusion Middleware – a flaw miscreants are exploiting in the wild to hijack systems. The programming blunder, designated CVE-2019-2729, is present in WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability itself is caused by a deserialization bug in the XMLDecoder for WebLogic Server Web Services. When exploited, a remote attacker can e...