⚠ Actively exploited
Added to CISA KEV on 2022-09-08. Federal agencies required to patch by 2022-09-29. Required action: Apply updates per vendor instructions..

CVE-2018-2628Deserialization of Untrusted Data in Corporation Weblogic Server

CWE-502Deserialization of Untrusted Data16 documents12 sources
Severity
9.8CRITICALNVD
EPSS
94.4%
top 0.02%
CISA KEV
KEV
Added 2022-09-08
Due 2022-09-29
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Oracle Corporation Weblogic ServerOracle Weblogic Server
Timeline
PublishedApr 19
KEV addedSep 8
KEV dueSep 29
CISA Required Action: Apply updates per vendor instructions.

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDoracle/weblogic_server4 versions+3
CVEListV5oracle_corporation/weblogic_server4 versions+3

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-882j-m7wv-38p6: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components)2022-05-14
CVEList
CVE-2018-2628: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components)2018-04-19
VulnCheck
Oracle WebLogic Server Unspecified Vulnerability2018

💥Exploits & PoCs

5
Exploit-DB
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)2018-10-25
Exploit-DB
Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)2018-08-13
Exploit-DB
Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution2018-04-22
Metasploit
Oracle Weblogic Server Deserialization RCE
Nuclei
Oracle WebLogic Server Deserialization - Remote Code Execution

🔍Detection Rules

1
Suricata
ET EXPLOIT Oracle Weblogic Server Deserialization Remote Command Execution2018-07-05

📋Vendor Advisories

1
CISA
Oracle WebLogic Server Unspecified Vulnerability2022-09-08

🕵️Threat Intelligence

4
Tenable
How Organizations Can Reduce the Economic Incentives of Vulnerabilities2020-06-10
Zscaler
A look at the recent BuleHero botnet payload | Zscaler2019-12-12
Tenable
Critical Oracle WebLogic Server Flaw Still Not Patched2018-05-01
Tenable
Critical Oracle WebLogic Server Flaw Still Not Patched2018-05-01

💬Community

1
Bugzilla
CVE-2018-3123 CVE-2019-2581 CVE-2019-2592 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-2683 mysql:5.7/community-mysql: various flaws [fedora-29]2019-05-06
CVE-2018-2628 — Deserialization of Untrusted Data | cvebase