HKCert
  

Oracle WebLogic Remote Code Execution Vulnerability

Release Date: 19 / 06 / 2019
Last Update: 20 / 06 / 2019
Criticality Level:  


A vulnerability has been identified in Oracle WebLogic server, a remote user can exploit this vulnerability to trigger Remote Code Execution on the targeted system.

 

[Updated 20-Jun-2019]: We noticed the vulnerability is being exploited in the wild. As such, the criticality level is changed from moderately critical to extremely critical.

  • Remote Code Execution
  • Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix.

https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html