9.8

CVE-2018-2628

Warnung
Exploit
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleWeblogic Server Version10.3.6.0.0
OracleWeblogic Server Version12.1.3.0.0
OracleWeblogic Server Version12.2.1.2.0
OracleWeblogic Server Version12.2.1.3

08.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Oracle WebLogic Server Unspecified Vulnerability

Schwachstelle

Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 99.45% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/103776
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1040696
Third Party Advisory
Broken Link
VDB Entry
https://github.com/brianwrf/CVE-2018-2628
Broken Link
https://www.exploit-db.com/exploits/44553/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/45193/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/46513/
Third Party Advisory
Exploit
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-2628
US Government Resource