6.5
CVSSv2

CVE-2019-2890

Published: 16/10/2019 Updated: 18/10/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product

oracle weblogic server 10.3.6.0.0

oracle weblogic server 12.1.3.0.0

oracle weblogic server 12.2.1.3.0

Github Repositories

CVE-2019-2890 Exploit for WebLogic with T3

Clone code from https://github.com/v-gift/CVE-2019-2890

CVE-2019-2890 WebLogic deserialization RCE vulnerability

0x01 Download SerializedSystemIni.dat /root/Oracle/Middle

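PoCs for CVE-2015-4852, CVE-2016-0638, CVE-2016-3510 and CVE-2019-2890

Preface: The article analyzes in detail the historical WebLogic vulnerabilities from CVE-2015 to CVE-2019 and collects the related PoCs in [Weblogic_Vuln](https://github.com/zhzhdoai/Weblogic_Vuln.git). These are notes and lessons learned from studying Java deserialization vulnerabilities; stars and issues are welcome. Weblogic_Vuln: PoCs for CVE-2015-4852, CVE-2016-0638, CVE-2016-3510 and CVE-2019-2890, continuously updated.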

WebLogic EJBTaglibDescriptor XXE vulnerability (CVE-2019-2888)

CVE-2019-2888 WebLogic EJBTaglibDescriptor XXE vulnerability www.oracle.com/security-alerts/cpuoct2019