Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. Oracle acquired WebLogic Server when it purchased BEA Systems in 2008. In the Oracle Critical Patch Update Advisory – October 2019, Oracle officially fixed a high-risk vulnerability (CVE-2019-2891) that affect to Oracle WebLogic Server Console component. An attacker could attack WebLogic Server by sending an HTTP request without authorization.
- WebLogic 10.3.6.0.0
- WebLogic 220.127.116.11.0
- WebLogic 18.104.22.168.0
Oracle releases the patch to fix this vulnerability. Users should upgrade WebLogic as soon as possible.