Security News > 2019 > June > New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now
2019-06-19 18:48
Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a Java-based multi-tier enterprise application
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/hGxo0WD_WI4/oracle-weblogic-vulnerability.html
Related news
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation (source)
- Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-19 | CVE-2019-2729 | Improper Access Control vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 9.8 |