CVE-2019-2891: Oracle WebLogic Server Console High Risk Vulnerability Alert

Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. Oracle acquired WebLogic Server when it purchased BEA Systems in 2008. In the Oracle Critical Patch Update Advisory – October 2019, Oracle officially fixed a high-risk vulnerability (CVE-2019-2891) that affects the Console component of Oracle WebLogic Server. An attacker could attack WebLogic Server by sending an HTTP request without authorization.

Affected versions

  • WebLogic 10.3.6.0.0
  • WebLogic 12.1.3.0.0
  • WebLogic 12.2.1.3.0

Solution

Oracle has released a patch to fix this vulnerability. Users should upgrade WebLogic as soon as possible.