PT-2007-1142 · Oracle · Oracle Weblogic Server

Published: 2007-04-10 · Updated: 2020-08-24 · CVE-2019-2452

CVSS v3.1: 6.7 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0, 12.1.3.0, 12.2.1.3
Description: The vulnerability stems from inadequate access control in the WLS Core Components of Oracle WebLogic Server. A remote attacker who already holds high privileges (PR:H in the CVSS vector above) can exploit it over HTTP to gain unauthorized access to protected data or to cause a denial of service. Successful attacks can result in unauthorized creation, deletion, or modification of critical data, as well as unauthorized read access to a subset of the data accessible to Oracle WebLogic Server. Attackers can also cause a hang or a frequently repeatable crash of Oracle WebLogic Server.
Recommendations: For each affected version (10.3.6.0, 12.1.3.0, and 12.2.1.3), update to a newer version to mitigate the risk. As a temporary workaround, consider restricting network access to the Oracle WebLogic Server HTTP interface to minimize the risk of exploitation.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2019-00383
CVE-2019-2452

Affected Products

Oracle Weblogic Server