Description

Oracle announced a critical patch update to address a vulnerability (CVE-2018-2894) found in its WebLogic Server that affects the product's WLS subcomponent. A remote user can exploit a flaw in the Oracle WebLogic Server WLS - Web Services component to gain elevated privileges and execute abitrary code in the context of the Oracle WebLogic Server user.

Remediation

Upgrade to the latest version of Oracle WebLogic Server. This issue was fixed in Oracle Critical Patch Update Advisory - July 2018.

References

Oracle Critical Patch Update Advisory - October 2018

Related Vulnerabilities

WordPress Plugin WP Frontend Profile Security Bypass (1.2.1)

Joomla! Core Security Bypass (1.7.0 - 3.9.22)

WordPress Plugin Advanced Shipment Tracking for WooCommerce Security Bypass (3.2.6)

WordPress Plugin NextScripts:Social Networks Auto-Poster Security Bypass (4.3.17)

WordPress Plugin Profile Builder-User Profile & User Registration Forms 'key' Parameter Security Bypass (1.1.24)

Severity

High

Classification

CVE-2018-2894 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass