Security News > 2019 > May > Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws
Attackers are actively exploiting recently fixed vulnerabilities in Oracle WebLogic and the Widget Connector macro in Atlassian Confluence to deliver ransomware, mine cryptocurrency and make the compromised machines participate in DDoS attacks. The Oracle WebLogic attacks CVE-2019-2725 is a deserialization remote command execution vulnerability that affects all Oracle WebLogic versions that have two specific components enabled. It was publicly revealed on April 21 and Oracle published an out-of-band security fix for it on April 25. … More → The post Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/8A_7fnVkRsY/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-26 | CVE-2019-2725 | Injection vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 7.5 |