CVE-2019-2725
Vulnerability from cvelistv5
Published
2019-04-26 18:21
Modified
2024-10-01 16:24
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/108074Broken Link
secalert_us@oracle.comhttps://support.f5.com/csp/article/K90059138Third Party Advisory
secalert_us@oracle.comhttps://www.exploit-db.com/exploits/46780/Exploit, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMWPatch, Vendor Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108074Broken Link
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K90059138Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/46780/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMWPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-01-10

Due date: 2022-07-10

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-2725

Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:56:45.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "108074",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108074"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K90059138"
          },
          {
            "name": "46780",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46780/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-2725",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T16:23:13.530985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-01-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-2725"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T16:24:23.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Tape Library ACSLS",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-21T12:13:22",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "108074",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108074"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K90059138"
        },
        {
          "name": "46780",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46780/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2019-2725",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Tape Library ACSLS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.5",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "108074",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108074"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html",
              "refsource": "MISC",
              "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K90059138",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K90059138"
            },
            {
              "name": "46780",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46780/"
            },
            {
              "name": "http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2019-2725",
    "datePublished": "2019-04-26T18:21:08",
    "dateReserved": "2018-12-14T00:00:00",
    "dateUpdated": "2024-10-01T16:24:23.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2019-2725",
      "cwes": "[\"CWE-74\"]",
      "dateAdded": "2022-01-10",
      "dueDate": "2022-07-10",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2019-2725",
      "product": "WebLogic Server",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).",
      "vendorProject": "Oracle",
      "vulnerabilityName": "Oracle WebLogic Server, Injection"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-2725\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2019-04-26T19:29:00.463\",\"lastModified\":\"2024-11-21T04:41:25.577\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el componente Oracle WebLogic Server de Oracle Fusion Middleware (subcomponente: Web Services). Las versiones afectadas son la 10.3.6.0.0 y la 12.1.3.0.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP ponga en peligro Oracle WebLogic Server. Los ataques con \u00e9xito de esta vulnerabilidad pueden dar lugar a la adquisici\u00f3n de Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Impactos de Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-01-10\",\"cisaActionDue\":\"2022-07-10\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Oracle WebLogic Server, Injection\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED43772F-D280-42F6-A292-7198284D6FE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90AF4292-8262-4266-8451-D8DDCD32D3D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B91E2BCF-005C-4B63-8FDF-5EB4AD9D37D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A10A101-638F-4A0F-89B2-1202AC991B19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"162C6FD9-AEC2-4EBA-A163-3054840B8ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:tape_virtual_storage_manager_gui:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE644844-8492-443E-9FA2-49D92DB3F887\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.36\",\"matchCriteriaId\":\"2E8A63B7-DBEE-46CB-905B-F98C7B1B4572\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.16\",\"matchCriteriaId\":\"64D449F8-D58F-4D15-9478-ECDE495153C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndExcluding\":\"6.1.2\",\"matchCriteriaId\":\"A85E19DF-6CA3-40AD-9D04-71E478F4C7D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:5.2.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"940EF267-1AD3-4240-9696-0B16CC406C47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40B13B7-68B3-4510-968C-6A730EB46462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93CC705-1F8C-4870-99E6-14BF264C3811\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108074\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://support.f5.com/csp/article/K90059138\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46780/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://support.f5.com/csp/article/K90059138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46780/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.