CVE-2019-2725

critical

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

From the Tenable Blog

Oracle WebLogic Affected by Unauthenticated Remote Code Execution Vulnerability (CVE-2019-2725)
Oracle WebLogic Affected by Unauthenticated Remote Code Execution Vulnerability (CVE-2019-2725)

Published: 2019-04-26

Oracle WebLogic is vulnerable to a new deserialization vulnerability that could allow an attacker to execute remote commands on vulnerable hosts. Update May 3, 2019: The solution section below has been updated to reflect the available Oracle updates, and the mitigation section has been revised for clarity.

References

https://veriti.ai/blog/vulnerable-villain-when-hackers-get-hacked/

https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/?web_view=true

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.tenable.com/blog/government-advisories-warn-of-apt-activity-resulting-from-russian-invasion-of-ukraine

https://www.tenable.com/blog/oracle-weblogic-affected-by-unauthenticated-remote-code-execution-vulnerability-cve-2019-2725

https://www.tenable.com/blog/oracle-january-2020-critical-patch-update-contains-255-cves

https://www.tenable.com/blog/cve-2019-11510-critical-pulse-connect-secure-vulnerability-used-in-sodinokibi-ransomware

https://www.tenable.com/blog/objects-in-mirror-are-closer-than-they-appear-reflecting-on-the-cybersecurity-threats-from-2019

https://www.tenable.com/blog/oracle-critical-patch-update-for-july-contains-265-fixes

https://www.acronis.com/en-us/blog/posts/sodinokibi-ransomware/

https://securelist.com/sodin-ransomware/91473/

https://www.tenable.com/blog/cve-2019-2729-oracle-releases-out-of-band-patch-for-weblogic-server-deserialization

https://unit42.paloaltonetworks.com/attackers-increasingly-targeting-oracle-weblogic-server-vulnerability-for-xmrig-and-ransomware/

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW

https://www.exploit-db.com/exploits/46780/

https://support.f5.com/csp/article/K90059138

http://www.securityfocus.com/bid/108074

http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html

http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2019-04-26

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical