PT-2019-2512 · Oracle · Oracle Weblogic Server

Published: 2019-06-18 · Updated: 2022-11-10 · CVE-2019-2729

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0
Description: The Web Services subcomponent of Oracle WebLogic Server deserializes attacker-supplied XML with java.beans.XMLDecoder, and the filtering applied to that input is insufficient (CVE-2019-2729 bypasses the filter introduced for CVE-2019-2725). A remote attacker can exploit this to execute arbitrary code with the privileges of the WebLogic process and take over the server. The vulnerability is easily exploitable by an unauthenticated attacker with network access over HTTP, which is what the CVSS v2.0 vector expresses: no authentication, low complexity, and complete impact on confidentiality, integrity and availability.
Recommendations: For versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0, apply the patches from the Oracle Security Alert for CVE-2019-2729; the earlier patch for CVE-2019-2725 does not fix this issue. Until the patch is applied, restrict network access to the Web Services subcomponent (the _async and wls-wsat applications) to trusted clients only, or remove those applications if they are not needed and restart the server, so that untrusted clients cannot reach the XMLDecoder-based deserialization.
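Added example (not part of the original advisory and not Oracle's or Positive Technologies' code): a small Python routine that inspects HTTP request records and flags requests shaped like an XMLDecoder payload delivered to the WebLogic Web Services endpoints, which is the check a SOC would want while the patch or the access restriction above is being rolled out. The watched path prefixes (/_async/ and /wls-wsat/), the marker patterns, and the sample requests are assumptions constructed for illustration; tune them to the deployment. A bare WorkContext SOAP header is legitimate WebLogic traffic, so it is only reported together with XMLDecoder element names or the decoder class name.

```python
import re
from dataclasses import dataclass

# Assumption: the Web Services applications reachable without authentication
# are mounted under these path prefixes (adjust to the actual deployment).
WATCHED_PATHS = ("/_async/", "/wls-wsat/")

# Payload markers. XMLDecoder payloads are carried in the SOAP WorkContext
# header and usually name the decoder class explicitly; the element names are
# the ones XMLDecoder interprets to construct objects and invoke methods.
XMLDECODER = re.compile(r"java\.beans\.XMLDecoder", re.I)
WORKCONTEXT = re.compile(r"<\s*work:WorkContext\b", re.I)
DECODER_TAGS = re.compile(r"<\s*(void|object|new|array|class)\b", re.I)


@dataclass
class Finding:
    source: str
    path: str
    tags: list  # XMLDecoder element names seen in the body, sorted


def inspect_request(source, method, path, body):
    """Return a Finding if the request looks like an XMLDecoder payload aimed
    at a watched Web Services endpoint, otherwise None."""
    if method.upper() != "POST":
        return None
    if not any(path.startswith(prefix) for prefix in WATCHED_PATHS):
        return None
    tags = sorted({t.lower() for t in DECODER_TAGS.findall(body)})
    # A WorkContext header on its own is normal WebLogic SOAP traffic; it only
    # counts when combined with decoder elements or the decoder class name.
    if XMLDECODER.search(body) or (WORKCONTEXT.search(body) and tags):
        return Finding(source, path, tags)
    return None


def scan(requests):
    """requests: iterable of (source, method, path, body) tuples."""
    findings = []
    for source, method, path, body in requests:
        finding = inspect_request(source, method, path, body)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample traffic (not captured from a real system).
SAMPLE_REQUESTS = [
    # Benign SOAP call carrying a WorkContext header but no decoder elements.
    ("198.51.100.7", "POST", "/wls-wsat/CoordinatorPortType",
     '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
     '<soapenv:Header><work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">'
     '<ctx>trace-1</ctx></work:WorkContext></soapenv:Header>'
     '<soapenv:Body/></soapenv:Envelope>'),
    # Deserialization attempt: an XMLDecoder document inside the WorkContext
    # header (class names are placeholders, not a working payload).
    ("203.0.113.5", "POST", "/wls-wsat/CoordinatorPortType",
     '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
     '<soapenv:Header><work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">'
     '<java version="1.8.0" class="java.beans.XMLDecoder">'
     '<void class="example.Sink"><class><string>example.Type</string></class></void>'
     '</java></work:WorkContext></soapenv:Header>'
     '<soapenv:Body/></soapenv:Envelope>'),
    # Decoder-looking tags on an unrelated path are out of scope for this rule.
    ("192.0.2.9", "POST", "/console/login", "<void>not a web services endpoint</void>"),
    # A GET request cannot carry the SOAP body.
    ("192.0.2.10", "GET", "/_async/AsyncResponseService", ""),
]


if __name__ == "__main__":
    for f in scan(SAMPLE_REQUESTS):
        print(f"{f.source} -> {f.path}: XMLDecoder markers {f.tags}")
```

The rule is deliberately narrow: it keys on the endpoints the advisory says to restrict and on the decoder's own vocabulary, so it stays useful after the patch as a signal that someone is still probing those paths, while ordinary WS-AT or async traffic is not reported.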

Weakness Enumeration

Deserialization of Untrusted Data (CWE-502)
Improper Access Control (CWE-284)

Related Identifiers

BDU:2019-02355
CVE-2019-2729

Affected Products

Oracle Weblogic Server