CVE-2019-2725

CWE-7420 documents13 sources

9.8

CVSS

CRITICAL

EPSS94.5%(100th)

CISA KEVPublic ExploitExploited in WildRansomware Use

CISA Required Action: Apply updates per vendor instructions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDoracle/weblogic_server10.3.6.0.0, 12.1.3.0.0+1

▶NVDoracle/communications_converged_application_server5.1, 7.0, 7.1+2

▶NVDoracle/vm_virtualbox6.0.0 — 6.0.16+3

▶NVDoracle/agile_plm9.3.3, 9.3.4, 9.3.5+2

▶NVDoracle/tape_library_acsls8.5

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS...

NVD ↗MITRE ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-m437-3crh-7475: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services)↗2022-05-24

▶

CVEList

CVE-2019-2725: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services)↗2019-04-26

▶

VulnCheck

Oracle WebLogic Server, Injection↗2019

▶

💥Exploits & PoCs

Exploit-DB

Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)↗2019-05-08

▶

Exploit-DB

Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution↗2019-04-30

▶

Nuclei

Oracle WebLogic Server - Remote Command Execution

▶

🔍Detection Rules

Suricata

ET MALWARE Possible Encoded Wide PowerShell (IEX) in Certificate Inbound↗2019-06-12

▶

📋Vendor Advisories

CISA

Oracle WebLogic Server, Injection↗2022-01-10

▶

Oracle

Oracle Critical Patch Update - JAN 2020↗

▶

🕵️Threat Intelligence

Sentinelone

LABScon 23: From Vulkan to Ryazan | Investigative Reporting from the Frontlines of InfoSec↗2024-04-30

▶

Trendmicro

CVE-2019-2725 Exploited, Used to Deliver Monero Miner↗2019-06-10

▶

Trendmicro

CVE-2019-2725 Exploited, Used to Deliver Monero Miner↗2019-06-10

▶

Unit42

New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices↗2019-06-07

▶

Unit42

Attackers Increasingly Targeting Oracle WebLogic Server Vulnerability for XMRig and Ransomware↗2019-05-03

▶