Security News > 2019 > June > Another Oracle WebLogic Server RCE under active exploitation

Another Oracle WebLogic Server RCE under active exploitation
2019-06-19 08:34

Oracle has released an out-of-band fix for CVE-2019-2729, a critical deserialization vulnerability in a number of versions of Oracle WebLogic Server, and is urging customers to apply the security update as soon as possible. Speed is of the essence as, according to KnownSec 404 researchers, the vulnerability is already being exploited in the wild. About the vulnerability (CVE-2019-2729) “This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network … More → The post Another Oracle WebLogic Server RCE under active exploitation appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/rNAsJj2MAZk/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-06-19 CVE-2019-2729 Improper Access Control vulnerability in Oracle products
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
network
low complexity
oracle CWE-284
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 973 1149 6156 1150 737 9192