CVE-2019-2891: Oracle WebLogic Server Console High Risk Vulnerability Alert
Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. Oracle acquired WebLogic Server when it purchased BEA Systems in 2008. In the Oracle Critical Patch Update Advisory – October 2019, Oracle fixed a high-risk vulnerability (CVE-2019-2891) that affects the Console component of Oracle WebLogic Server. An attacker could attack WebLogic Server by sending an HTTP request, without needing authorization.
Affected versions
- WebLogic 10.3.6.0.0
- WebLogic 12.1.3.0.0
- WebLogic 12.2.1.3.0
Solution
Oracle has released a patch that fixes this vulnerability. Users should upgrade WebLogic as soon as possible.