CVE-2019-2887

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0

Description The issue is related to the Web Services component of Oracle WebLogic Server, which is part of Oracle Fusion Middleware. It allows a low-privileged attacker with network access via HTTP to compromise the server, resulting in unauthorized read access to a subset of Oracle WebLogic Server accessible data. The vulnerability is easily exploitable and can be used by an attacker to obtain sensitive information.

Recommendations For version 10.3.6.0.0, update to a newer version to mitigate the risk. For version 12.1.3.0.0, update to a newer version to mitigate the risk. For version 12.2.1.3.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Web Services component until a patch is available.