Oracle WebLogic Server product versions 10.3.6.0.0 Information Exposure Vulnerability

Summary

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. 

 

 

 

 

 

 

Credit:

The information has been provided by Venustech

The original article can be found at: http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

 


Details

Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data.

 

Vulnerable Systems:

Oracle WebLogic Server product versions 10.3.6.0.0 

Oracle WebLogic Server product versions 12.1.3.0.0

Oracle WebLogic Server product versions 12.2.1.3.0

 

CVE Information:

CVE-2019-2887

 

Disclosure Timeline:
Published Date:10/16/2019