Advertisement
Top
image credit: Pixabay

Oracle Patches Another Remote Code Execution Flaw in WebLogic

June 19, 2019

Via: Security Week
Category:

The security hole, tracked as CVE-2019-2729 with a CVSS score of 9.8, impacts WebLogic versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. The flaw was independently reported to Oracle by nearly a dozen researchers.

According to Oracle, the vulnerability exists due to a deserialization issue related to XMLDecoder and it can be exploited remotely without authentication.

Oracle has advised users to apply the patches released now and install the latest Critical Patch Update (CPU).

Read More on Security Week

RELATED PUBLICATIONS

API sprawl: navigating the web of connectivity and security challenges
NIST updates Cybersecurity Framework after a decade of lessons
Giant leak reveals Chinese infosec vendor I-Soon is one of Beijing’s cyber-attackers for hire

Latest Publications

The importance of the Vulnerability Operations Centre for cybersecurity
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
FIN7 targeted a large U.S. carmaker with phishing attacks
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!