CRITICAL🚩 CISA KEV⚑ EXPLOITβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2015-4852

CVSS 9.8v3.1pub. 2015-11-18upd. 2026-04-21

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle Storagetek Tape Analytics Sw Tool

    APP
    Oracle
    2.3
  • Oracle Virtual Desktop Infrastructure

    APP
    Oracle
    ≀ 3.5.2
  • Oracle Weblogic Server

    APP
    Oracle
    10.3.6.0.012.1.2.0.012.1.3.0.012.2.1.0.0

CISA KEV β€” detailsi

Vendori
Oracle β†—
Producti
WebLogic Server
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution.

πŸ”΄
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 3 maja 2022
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2020-14750CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supporte...

CVE-2020-14882CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supporte...

CVE-2020-14644CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported v...

CVE-2020-2883CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported v...

CVE-2015-4852 β€” Oracle β€” Storagetek Tape Analytics Sw Tool β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl