CVE-2018-3252

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0, 12.1.3.0, 12.2.1.3

Description: The issue is related to inadequate access control in the WLS Core Components of Oracle WebLogic Server, allowing a remote attacker to gain full control over the application using the T3 network protocol. This can result in the takeover of Oracle WebLogic Server. The vulnerability can be easily exploited by an unauthenticated attacker with network access via T3.

Recommendations: For versions 10.3.6.0, 12.1.3.0, and 12.2.1.3, consider restricting access to the T3 protocol until a patch is available. As a temporary workaround, limit network access to the Oracle WebLogic Server to minimize the risk of exploitation. Avoid using the T3 protocol for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.