CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2019-2725

CVSS 9.8v3.1pub. 2019-04-26upd. 2025-10-27

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle Agile Plm

    APP
    Oracle
    9.3.39.3.49.3.5
  • Oracle Communications Converged Application Server

    APP
    Oracle
    5.17.07.1
  • Oracle Peoplesoft Enterprise Peopletools

    APP
    Oracle
    8.568.578.58
  • Oracle Storagetek Tape Analytics Sw Tool

    APP
    Oracle
    2.3
  • Oracle Tape Library Acsls

    APP
    Oracle
    8.5
  • Oracle Tape Virtual Storage Manager Gui

    APP
    Oracle
    6.2
  • Oracle Vm Virtualbox

    APP
    Oracle
    5.2.366.1.0 – 6.1.2 (bez)< 5.2.366.0.0 – 6.0.16 (bez)
  • Oracle Weblogic Server

    APP
    Oracle
    10.3.6.0.012.1.3.0.0

CISA KEV — detailsi

Vendori
Oracle
Producti
WebLogic Server
Added to KEVi
January 10, 2022
Remediation deadline (US Federal)i
July 10, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 10 lipca 2022
Tags
Auth BypassDoS
CWE
References

Related vulnerabilities

CVE-2026-35273CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2020-14750CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supporte...

CVE-2020-14882CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supporte...

CVE-2020-14644CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported v...