vulnerability

Oracle WebLogic: CVE-2018-2628 : Remote Code Execution Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	04/17/2018	04/18/2018	09/09/2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

04/17/2018

Added

04/18/2018

Modified

09/09/2022

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server via unsafe deserialization of Java objects. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

Oracle's official patch to this vulnerability is disputed, as it has been proven to be easily worked around to exploit the vulnerability.

Solution

oracle-weblogic-no-applicable-solution

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today