vulnerability

Oracle WebLogic: CVE-2018-2628 : Remote Code Execution Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Apr 17, 2018	Apr 18, 2018	Sep 9, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 17, 2018

Added

Apr 18, 2018

Modified

Sep 9, 2022

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server via unsafe deserialization of Java objects. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

Oracle's official patch to this vulnerability is disputed, as it has been proven to be easily worked around to exploit the vulnerability.

Solution

oracle-weblogic-no-applicable-solution

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report