CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2019-2729

CVSS 9.8v3.1pub. 2019-06-19upd. 2024-11-21

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle Communications Diameter Signaling Router

    APP
    Oracle
    8.08.18.28.2.1
  • Oracle Communications Network Integrity

    APP
    Oracle
    7.3.2 – 7.3.6
  • Oracle Hyperion Infrastructure Technology

    APP
    Oracle
    11.1.2.411.2.5.0
  • Oracle Identity Manager

    APP
    Oracle
    11.1.2.3.012.2.1.3.0
  • Oracle Peoplesoft Enterprise Peopletools

    APP
    Oracle
    8.568.578.58
  • Oracle Rapid Planning

    APP
    Oracle
    12.112.2
  • Oracle Storagetek Tape Analytics Sw Tool

    APP
    Oracle
    2.3
  • Oracle Tape Library Acsls

    APP
    Oracle
    8.5
  • Oracle Weblogic Server

    APP
    Oracle
    10.3.6.0.012.1.3.0.012.2.1.3.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth BypassDoS
CWE
References

Related vulnerabilities

CVE-2026-35273CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)

CVE-2025-61757CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Pominięcie uwierzytelnienia w Oracle Identity Manager REST WebServices

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2020-14750CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supporte...

CVE-2020-14882CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supporte...