Trending CVEs for the Week of April 29th, 2019
CVE-2019-2725 – Oracle WebLogic Server Zero-Day Vulnerability
CVE-2019-2725 is a vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware. This zero-day vulnerability was discovered by the Chinese National Vulnerability Database (CNVD) last week. Oracle released an emergency patch for WebLogic 10.3.6.0 on Friday (April 26th, 2019) and for WebLogic 22.214.171.124 on Monday (April 29th, 2019).
- WebLogic 10.3.6.0.0
- WebLogic 126.96.36.199.0
Exploitation and Risk
Successful exploitation of this vulnerability could result in remote code execution within the context of the application. Depending on the privileges associated with the application, an attacker could then install programs with full user rights.
There are no workarounds, but Oracle released a patch for WebLogic 10.3.6.0 on April 26th, 2019 and for WebLogic 188.8.131.52.0 on April 29th, 2019.
To patch this vulnerability, follow the Oracle Security Advisory.