vulnerability

Oracle WebLogic: CVE-2019-2395 : Critical Patch Update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:S/C:P/I:N/A:P)	Jan 16, 2019	Feb 27, 2019	Nov 27, 2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:P)

Published

Jan 16, 2019

Added

Feb 27, 2019

Modified

Nov 27, 2024

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L).

Solution

oracle-weblogic-jan-2019-cpu-10_3_6_0_0

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today