Weblogic Remote Code Execution Vulnerability

July 31, 2018 | Adeline Zhang

Oracle released its Critical Patch Update (CPU) Advisory on July 17. In this advisory, Oracle addressed a Weblogic deserialization problem (CVE-2018-2628) that was disclosed in April but not completely fixed. The new CVE ID for the Weblogic vulnerability this time is CVE-2018-2893.

Base Score (CVSS Version 3.0 Risk): 9.8

For more information, refer to the technical analysis and protection solution released by NSFOCUS at http://blog.nsfocusglobal.com/categories/emergency-response/oracle-weblogic-server-rce-deserialization-vulnerability-analysis/.

The Oracle Critical Patch Update Advisory – July 2018 is available at http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html.

Affected Versions:

  • Weblogic 10.3.6.0
  • Weblogic 12.1.3.0
  • Weblogic 12.2.1.2
  • Weblogic 12.2.1.3

Solution

Users running affected versions are strongly advised to download the patch (https://support.oracle.com) and upgrade their systems.