CVE-2018-3245: Weblogic Remote Code Execution Vulnerability Alert

On October 16th, local time, Oracle officially released the October (third quarter) critical patch update CPU (Critical Patch Update), which fixed a July (second quarter) CPU patch. The (CVE-2018-2893) Weblogic Remote Code Execution Vulnerability has not been fully fixed. The newly fixed vulnerability is numbered CVE-2018-3245.

CVSS 3.0 rating: 9.8

AV: N/AC: L/PR: N/UI: N/S: U/C: H/I: H/A: H

Affected version

• Weblogic 10.3.6.0
• Weblogic 12.1.3.0
• Weblogic 12.2.1.3

Solution

Oracle official has fixed the vulnerability in this critical patch update (CPU), it is strongly recommended that affected users upgrade the update as soon as possible to protect.