Detections
Analytics
CVE-2019-2725
critical
Description
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
From the Tenable Blog
Oracle WebLogic Affected by Unauthenticated Remote Code Execution Vulnerability (CVE-2019-2725)
Published: 2019-04-26
Oracle WebLogic is vulnerable to a new deserialization vulnerability that could allow an attacker to execute remote commands on vulnerable hosts. Update May 3, 2019: The solution section below has been updated to reflect the available Oracle updates, and the mitigation section has been revised for clarity.
References
https://veriti.ai/blog/vulnerable-villain-when-hackers-get-hacked/
https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/?web_view=true
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.tenable.com/blog/oracle-january-2020-critical-patch-update-contains-255-cves
https://www.tenable.com/blog/oracle-critical-patch-update-for-july-contains-265-fixes
https://www.acronis.com/en-us/blog/posts/sodinokibi-ransomware/
https://securelist.com/sodin-ransomware/91473/
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW
https://www.exploit-db.com/exploits/46780/
https://support.f5.com/csp/article/K90059138
http://www.securityfocus.com/bid/108074
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html