CVE-2019-2729: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

ITWEXPLOIT

Exploited in the wild

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected

22 ranges

Vendor	Product	Version range	Fixed in
oracle	communications_diameter_signaling_router	—	—
oracle	communications_diameter_signaling_router	—	—
oracle	communications_diameter_signaling_router	—	—
oracle	communications_diameter_signaling_router	—	—
oracle	communications_network_integrity	7.3.2 – 7.3.6	—
oracle	hyperion_infrastructure_technology	—	—
oracle	hyperion_infrastructure_technology	—	—
oracle	identity_manager	—	—
oracle	identity_manager	—	—
oracle	peoplesoft_enterprise_peopletools	—	—
oracle	peoplesoft_enterprise_peopletools	—	—
oracle	peoplesoft_enterprise_peopletools	—	—
oracle	rapid_planning	—	—
oracle	rapid_planning	—	—
oracle	storagetek_tape_analytics_sw_tool	—	—
oracle	tape_library_acsls	—	—
oracle	weblogic_server	—	—
oracle	weblogic_server	—	—
oracle	weblogic_server	—	—
oracle_corporation	weblogic_server	—	—
oracle_corporation	weblogic_server	—	—
oracle_corporation	weblogic_server	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vulncheck9.8CRITICAL