WebLogic Remote Code Execution Vulnerability


The Oracle Critical Patch Update (CPU) Advisory was released on July 17. In this advisory, Oracle addressed a WebLogic deserialization problem (CVE-2018-2628) that was disclosed in April but not completely fixed. The new CVE ID for this WebLogic vulnerability is CVE-2018-2893.

Base Score (CVSS Version 3.0 Risk): 9.8

You can refer to the technical analysis and protection solution released by NSFOCUS at http://blog.nsfocusglobal.com/categories/emergency-response/oracle-weblogic-server-rce-deserialization-vulnerability-analysis/ for more information.

See http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html for the Oracle Critical Patch Update Advisory – July 2018.

Affected Versions:

  • WebLogic 10.3.6.0
  • WebLogic 12.1.3.0
  • WebLogic 12.2.1.2
  • WebLogic 12.2.1.3

Solution

Users of affected systems are strongly recommended to download the patch (https://support.oracle.com) and upgrade their systems.

NSFOCUS