Vulnerability Details : CVE-2018-2628
Public exploit exists!
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-2628 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Oracle WebLogic Server Unspecified Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.
Notes:
https://www.oracle.com/security-alerts/cpuapr2018.html
Added on
2022-09-08
Action due date
2022-09-29
Exploit prediction scoring system (EPSS) score for CVE-2018-2628
Probability of exploitation activity in the next 30 days: 97.51%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2018-2628
-
Oracle Weblogic Server Deserialization RCE
Disclosure Date: 2018-04-17First seen: 2020-04-26exploit/multi/misc/weblogic_deserializeAn unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object to the interface to execute code on vulnerable hosts. Authors: - brianwrf - Jacob Robles
CVSS scores for CVE-2018-2628
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-2628
-
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-2628
-
http://www.securityfocus.com/bid/103776
Oracle WebLogic Server CVE-2018-2628 Remote Security VulnerabilityThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/45193/
Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)Exploit;Third Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Oracle Critical Patch Update - April 2018Patch;Vendor Advisory
-
https://github.com/brianwrf/CVE-2018-2628
Page not found · GitHub · GitHubBroken Link
-
http://www.securitytracker.com/id/1040696
Oracle WebLogic Server Bug Lets Remote Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/46513/
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)Exploit;VDB Entry;Third Party Advisory
-
https://www.exploit-db.com/exploits/44553/
Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command ExecutionExploit;Third Party Advisory;VDB Entry
Products affected by CVE-2018-2628
- cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.2.0:*:*:*:*:*:*:*