CVE-2019-2618

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0

Description The issue is related to insufficient access control in the WLS Core Components of Oracle WebLogic Server, allowing a remote attacker to modify, add, or delete data via the HTTP protocol. Successful attacks can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data, as well as unauthorized update, insert, or delete access to some of the data.

Recommendations For version 10.3.6.0.0, update to a newer version to mitigate the risk. For version 12.1.3.0.0, update to a newer version to mitigate the risk. For version 12.2.1.3.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the WLS Core Components until a patch is available.