vulnerability

Oracle WebLogic: CVE-2018-3197 : Critical Patch Update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Oct 16, 2018	Oct 18, 2018	Oct 24, 2018

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Oct 16, 2018

Added

Oct 18, 2018

Modified

Oct 24, 2018

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Solution

oracle-weblogic-oct-2018-cpu-12_1_3_0_0

References

BID-105606
CVE-2018-3197
https://attackerkb.com/topics/CVE-2018-3197
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://support.oracle.com/rs?type=doc&id=2433477.1

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report