Oracle released its Critical Patch Update (CPU) Advisory on July 17. In this advisory, Oracle addressed a WebLogic deserialization problem (CVE-2018-2628) that was disclosed in April but not completely fixed. The new CVE ID for the WebLogic vulnerability this time is CVE-2018-2893.
Base Score (CVSS Version 3.0 Risk): 9.8
You can refer to the technical analysis and protection solution released by NSFOCUS at http://blog.nsfocusglobal.com/categories/emergency-response/oracle-weblogic-server-rce-deserialization-vulnerability-analysis/ for more information.
Click http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html for Oracle Critical Patch Update Advisory – July 2018.
Affected Versions:
- WebLogic 10.3.6.0
- WebLogic 12.1.3.0
- WebLogic 12.2.1.2
- WebLogic 12.2.1.3
Solution
Users of affected systems are strongly recommended to download the patch (https://support.oracle.com) and upgrade their systems.