NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge

Trending CVEs for the Week of April 29th, 2019

Why IAM Technology is Critical to Your Vulnerability Management Program

CVE-2019-2725 – Oracle WebLogic Server Zero-Day Vulnerability

Description

CVE-2019-2725 is a vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware. This zero-day vulnerability has been discovered by Chinese National Vulnerability Database (CNVD) last week. Oracle released an emergency patch for WebLogic 10.3.6.0 on Friday (April 26th, 2019)  and for WebLogic 12.1.3.0 on Monday (April 29th, 2019).

Affected Products

  • Weblogic 10.3.6.0.0
  • WebLogic 12.1.3.0.0

Exploitation and Risk

Successful exploitation of this vulnerability could result in remote code execution within the context of the application. Depending on the privileges associated with the application, an attacker could then install programs with full user rights.

Fixes

There are no workarounds, but Oracle released a patch for WebLogic 10.3.6.0 on April 26th, 2019  and WebLogic 12.1.3.0.0 on April 29th, 2019.

To patch this vulnerability follow Oracle Security Advisor.

References

Oracle Security Advisor

National Vulnerability Database

Share your thoughts in our community!

Click Here

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.