Security News > 2019 > May > Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws

Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws
2019-05-02 10:45

Attackers are actively exploiting recently fixed vulnerabilities in Oracle WebLogic and the Widget Connector macro in Atlassian Confluence to deliver ransomware, mine cryptocurrency and make the compromised machines participate in DDoS attacks. The Oracle WebLogic attacks CVE-2019-2725 is a deserialization remote command execution vulnerability that affects all Oracle WebLogic versions that have two specific components enabled. It was publicly revealed on April 21 and Oracle published an out-of-band security fix for it on April 25. … More → The post Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/8A_7fnVkRsY/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2019-2725 Injection vulnerability in Oracle products
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
network
low complexity
oracle CWE-74
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 781 388 3148 2078 432 6046
Atlassian 58 3 259 104 46 412