CVE-2018-3248

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server version 10.3.6.0

Description: The issue is related to insufficient access control in the WLS - Web Services component of Oracle WebLogic Server, allowing a remote attacker to access protected information using the HTTP protocol. This vulnerability can be easily exploited by an unauthenticated attacker with network access via HTTP, compromising Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

Recommendations: For version 10.3.6.0, consider restricting access to the WLS - Web Services component until a patch is available. As a temporary workaround, avoid using the HTTP protocol to access sensitive information in Oracle WebLogic Server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.