CVE-2019-2725
Oracle WebLogic Server, Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 13
Exploited in Wild: Yes
Decision: Act
Descriptions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An unauthenticated attacker with network access to the Oracle WebLogic Server T3 interface can send a malicious SOAP request to the WLS AsyncResponseService interface to execute code on the vulnerable host.
Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
CVSS Scores
SSVC
- Decision: Act
Timeline
- 2018-12-14 CVE Reserved
- 2019-04-26 CVE Published
- 2019-05-02 First Exploit
- 2022-01-10 Exploited in Wild
- 2022-07-10 KEV Due Date
- 2024-10-01 CVE Updated
- 2024-10-26 EPSS Updated
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (23)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/46814 | 2019-05-08 | |
https://www.exploit-db.com/exploits/46780 | 2024-10-01 | |
https://github.com/lufeirider/CVE-2019-2725 | 2019-08-08 | |
https://github.com/TopScrew/CVE-2019-2725 | 2019-06-21 | |
https://github.com/jiansiting/CVE-2019-2725 | 2019-06-15 | |
https://github.com/pimps/CVE-2019-2725 | 2019-09-26 | |
https://github.com/kerlingcode/CVE-2019-2725 | 2019-06-21 | |
https://github.com/ianxtianxt/CVE-2019-2725 | 2019-11-05 | |
https://github.com/davidmthomsen/CVE-2019-2725 | 2019-05-02 | |
https://github.com/welove88888/CVE-2019-2725 | 2019-06-10 | |
https://github.com/leerina/CVE-2019-2725 | 2019-05-05 | |
https://github.com/N0b1e6/CVE-2019-2725-POC | 2019-12-12 | |
https://github.com/CalegariMindSec/Exploit-CVE-2019-2725 | 2023-11-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Oracle | Agile Plm | 9.3.3 | - | Affected |
Oracle | Agile Plm | 9.3.4 | - | Affected |
Oracle | Agile Plm | 9.3.5 | - | Affected |
Oracle | Communications Converged Application Server | 5.1 | - | Affected |
Oracle | Communications Converged Application Server | 7.0 | - | Affected |
Oracle | Communications Converged Application Server | 7.1 | - | Affected |
Oracle | Peoplesoft Enterprise Peopletools | 8.56 | - | Affected |
Oracle | Peoplesoft Enterprise Peopletools | 8.57 | - | Affected |
Oracle | Peoplesoft Enterprise Peopletools | 8.58 | - | Affected |
Oracle | Storagetek Tape Analytics Sw Tool | 2.3 | - | Affected |
Oracle | Tape Library Acsls | 8.5 | - | Affected |
Oracle | Tape Virtual Storage Manager Gui | 6.2 | - | Affected |
Oracle | Vm Virtualbox | < 5.2.36 | - | Affected |
Oracle | Vm Virtualbox | >= 6.0.0 < 6.0.16 | - | Affected |
Oracle | Vm Virtualbox | >= 6.1.0 < 6.1.2 | - | Affected |
Oracle | Vm Virtualbox | 5.2.36 | - | Affected |
Oracle | Weblogic Server | 10.3.6.0.0 | - | Affected |
Oracle | Weblogic Server | 12.1.3.0.0 | - | Affected |