CVE-2019-2891

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0

Description The issue is related to inadequate access control in the Console subcomponent of Oracle WebLogic Server, part of the Oracle Fusion Middleware platform. This can be exploited by a remote attacker using the HTTP protocol to gain full control over the application. The vulnerability is difficult to exploit and allows an unauthenticated attacker with network access to compromise Oracle WebLogic Server, potentially resulting in a takeover of the server.

Recommendations For versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0, update to a version that includes the fix for this issue to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.