CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2987
https://notcve.org/view.php?id=CVE-2018-2987
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104763 http://www.securitytracker.com/id/1041301 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2998 – Oracle Fusion Middleware 12c (12.2.1.3.0) WebLogic SAML Issues
https://notcve.org/view.php?id=CVE-2018-2998
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: SAML). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104763 http://www.securitytracker.com/id/1041301 •
CVSS: 9.8EPSS: 97%CPEs: 4EXPL: 7CVE-2018-2893
https://notcve.org/view.php?id=CVE-2018-2893
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://github.com/pyn3rd/CVE-2018-2893 https://github.com/sry309/CVE-2018-2893 https://github.com/qianl0ng/CVE-2018-2893 https://github.com/artofwar344/CVE-2018-2893 https://github.com/jas502n/CVE-2018-2893 https://github.com/bigsizeme/CVE-2018-2893 https://github.com/ianxtianxt/CVE-2018-2893 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104763 http://www.securitytracker.com/id/1041301 •
CVSS: 9.8EPSS: 97%CPEs: 4EXPL: 2CVE-2018-2894
https://notcve.org/view.php?id=CVE-2018-2894
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://github.com/LandGrey/CVE-2018-2894 https://github.com/jas502n/CVE-2018-2894 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104763 http://www.securitytracker.com/id/1041301 •
CVSS: 5.9EPSS: 0%CPEs: 64EXPL: 0CVE-2018-11039
https://notcve.org/view.php?id=CVE-2018-11039
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. Spring Framework (versiones 5.0.x anteriores a la 5.0.7, versiones 4.3.x anteriores a la 4.3.18 y versiones anteriores sin soporte) permite que las aplicaciones web cambien el método de petición HTTP a cualquier método HTTP (incluyendo TRACE) utilizando HiddenHttpMethodFilter en Spring MVC. Si una aplicación tiene una vulnerabilidad Cross-Site Scripting (XSS) preexistente, un usuario (o atacante) malicioso puede emplear este filtro para escalar a un ataque XST (Cross Site Tracing). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/107984 https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html https://pivotal.io/security/cve-2018-11039 https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwor •