PT-2017-1143 · Oracle · Oracle WebLogic Server

Published: 2017-01-24 · Updated: 2025-08-13 · CVE-2017-3248

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oracle WebLogic Server versions 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1

Description

The issue is related to errors in security settings of the Core Components in Oracle Fusion Middleware. Exploitation of this issue can allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information. The vulnerability can be easily exploited by an unauthenticated attacker with network access via T3, potentially resulting in the takeover of Oracle WebLogic Server.

Recommendations

For versions 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1, update to a version that includes the security fix. As a temporary workaround, consider restricting network access via T3 to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

BDU:2017-00238
CVE-2017-3248
ZDI-17-055

Affected Products

Oracle Fusion Middleware
Oracle WebLogic Server