Oracle Security Alert for CVE-2019-2725 - Oracle CVRF Oracle Security Alert CVE-2019-2725 Final 4 4 2019-05-29T11:39:00-07:00 Updated Credit Statement 2019-04-26T13:00:00-07:00 2019-05-29T11:39:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/5466297.xml https://www.oracle.com/security-alerts/alert-cve-2019-2725.html URL to html version of Advisory Badcode Knownsec 404 Team Hongwei Pan Minsheng Banking Corp. Icematcha of Qianxin Yunying Labs Liao Xinxi NSFOCUS Security Team Lin Zheng Minsheng Banking Corp. Song Keya Minsheng Banking Corp. Tianlei Li Minsheng Banking Corp. Xu Yuanzhen of Alibaba Cloud Security Team ZengShuai Hao ZengShuai Hao Zhiyi Zhang from Codesafe Team of Legendsec at Qi'anxin Group icez Tophant Competence Center WebLogic Server Version 10.3.6.0 WebLogic Server Version 12.1.3.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2019-2725 P-5242V-10.3.6.0 P-5242V-12.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-2725 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2019-2725.html P-5242V-10.3.6.0 P-5242V-12.1.3.0