T3 is a special RMI protocol implemented in Weblogic. It's vulnerable to an XML extenal entity injection. An attacker can send crafted requests to a web application for extraction of secrets from the file system, server-side request forgery or denial-of-service attacks.


Upgrade to the latest version of Oracle WebLogic Server. This issue was fixed in Oracle Critical Patch Update - April 2019. Or disable/restrict access to T3


Related Vulnerabilities