Thu. Jun 4th, 2020

CVE-2019-2891: Oracle WebLogic Server Console High Risk Vulnerability Alert

1 min read

Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. Oracle acquired WebLogic Server when it purchased BEA Systems in 2008. In the Oracle Critical Patch Update Advisory – October 2019, Oracle officially fixed a high-risk vulnerability (CVE-2019-2891) that affect to Oracle WebLogic Server Console component. An attacker could attack WebLogic Server by sending an HTTP request without authorization.


Affected version

  • WebLogic
  • WebLogic
  • WebLogic


Oracle releases the patch to fix this vulnerability. Users should upgrade WebLogic as soon as possible.