CVE-2018-3246

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.1.3.0 and 12.2.1.3

Description: The issue is related to insufficient access control in the WLS - Web Services component of Oracle WebLogic Server, allowing a remote attacker to disclose protected information using the HTTP protocol. This vulnerability can be easily exploited by an unauthenticated attacker with network access via HTTP, potentially resulting in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

Recommendations: For version 12.1.3.0, update to a version that includes the fix for this issue. For version 12.2.1.3, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the WLS - Web Services component to minimize the risk of exploitation.