{"cve_id":"CVE-2019-2725","summary":"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.5,"epss":0.94468,"ranking_epss":0.99997,"kev":true,"propose_action":"Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).","ransomware_campaign":"Known","references":["http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html","http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","http://www.securityfocus.com/bid/108074","https://support.f5.com/csp/article/K90059138","https://www.exploit-db.com/exploits/46780/","https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW","https://www.oracle.com/security-alerts/cpujan2020.html","http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html","http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","http://www.securityfocus.com/bid/108074","https://support.f5.com/csp/article/K90059138","https://www.exploit-db.com/exploits/46780/","https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2725"],"published_time":"2019-04-26T19:29:00","cpes":["cpe:2.3:a:oracle:agile_plm:9.3.3","cpe:2.3:a:oracle:agile_plm:9.3.4","cpe:2.3:a:oracle:agile_plm:9.3.5","cpe:2.3:a:oracle:communications_converged_application_server:5.1","cpe:2.3:a:oracle:communications_converged_application_server:7.0","cpe:2.3:a:oracle:communications_converged_application_server:7.1","cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56","cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57","cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58","cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3","cpe:2.3:a:oracle:tape_library_acsls:8.5","cpe:2.3:a:oracle:tape_virtual_storage_manager_gui:6.2","cpe:2.3:a:oracle:vm_virtualbox:-","cpe:2.3:a:oracle:vm_virtualbox:1.6","cpe:2.3:a:oracle:vm_virtualbox:1.6.0","cpe:2.3:a:oracle:vm_virtualbox:1.6.2","cpe:2.3:a:oracle:vm_virtualbox:1.6.4","cpe:2.3:a:oracle:vm_virtualbox:1.6.6","cpe:2.3:a:oracle:vm_virtualbox:2.0","cpe:2.3:a:oracle:vm_virtualbox:2.0.0","cpe:2.3:a:oracle:vm_virtualbox:2.0.10","cpe:2.3:a:oracle:vm_virtualbox:2.0.12","cpe:2.3:a:oracle:vm_virtualbox:2.0.2","cpe:2.3:a:oracle:vm_virtualbox:2.0.4","cpe:2.3:a:oracle:vm_virtualbox:2.0.6","cpe:2.3:a:oracle:vm_virtualbox:2.0.8","cpe:2.3:a:oracle:vm_virtualbox:2.1","cpe:2.3:a:oracle:vm_virtualbox:2.1.0","cpe:2.3:a:oracle:vm_virtualbox:2.1.2","cpe:2.3:a:oracle:vm_virtualbox:2.1.4","cpe:2.3:a:oracle:vm_virtualbox:2.2","cpe:2.3:a:oracle:vm_virtualbox:2.2.0","cpe:2.3:a:oracle:vm_virtualbox:2.2.2","cpe:2.3:a:oracle:vm_virtualbox:2.2.4","cpe:2.3:a:oracle:vm_virtualbox:3.0","cpe:2.3:a:oracle:vm_virtualbox:3.0.0","cpe:2.3:a:oracle:vm_virtualbox:3.0.10","cpe:2.3:a:oracle:vm_virtualbox:3.0.12","cpe:2.3:a:oracle:vm_virtualbox:3.0.14","cpe:2.3:a:oracle:vm_virtualbox:3.0.2","cpe:2.3:a:oracle:vm_virtualbox:3.0.4","cpe:2.3:a:oracle:vm_virtualbox:3.0.6","cpe:2.3:a:oracle:vm_virtualbox:3.0.8","cpe:2.3:a:oracle:vm_virtualbox:3.1","cpe:2.3:a:oracle:vm_virtualbox:3.1.0","cpe:2.3:a:oracle:vm_virtualbox:3.1.2","cpe:2.3:a:oracle:vm_virtualbox:3.1.4","cpe:2.3:a:oracle:vm_virtualbox:3.1.6","cpe:2.3:a:oracle:vm_virtualbox:3.1.8","cpe:2.3:a:oracle:vm_virtualbox:3.2","cpe:2.3:a:oracle:vm_virtualbox:3.2.0","cpe:2.3:a:oracle:vm_virtualbox:3.2.10","cpe:2.3:a:oracle:vm_virtualbox:3.2.12","cpe:2.3:a:oracle:vm_virtualbox:3.2.14","cpe:2.3:a:oracle:vm_virtualbox:3.2.16","cpe:2.3:a:oracle:vm_virtualbox:3.2.18","cpe:2.3:a:oracle:vm_virtualbox:3.2.2","cpe:2.3:a:oracle:vm_virtualbox:3.2.20","cpe:2.3:a:oracle:vm_virtualbox:3.2.22","cpe:2.3:a:oracle:vm_virtualbox:3.2.24","cpe:2.3:a:oracle:vm_virtualbox:3.2.4","cpe:2.3:a:oracle:vm_virtualbox:3.2.6","cpe:2.3:a:oracle:vm_virtualbox:3.2.8","cpe:2.3:a:oracle:vm_virtualbox:4.0","cpe:2.3:a:oracle:vm_virtualbox:4.0.0","cpe:2.3:a:oracle:vm_virtualbox:4.0.10","cpe:2.3:a:oracle:vm_virtualbox:4.0.12","cpe:2.3:a:oracle:vm_virtualbox:4.0.14","cpe:2.3:a:oracle:vm_virtualbox:4.0.16","cpe:2.3:a:oracle:vm_virtualbox:4.0.18","cpe:2.3:a:oracle:vm_virtualbox:4.0.2","cpe:2.3:a:oracle:vm_virtualbox:4.0.20","cpe:2.3:a:oracle:vm_virtualbox:4.0.22","cpe:2.3:a:oracle:vm_virtualbox:4.0.24","cpe:2.3:a:oracle:vm_virtualbox:4.0.26","cpe:2.3:a:oracle:vm_virtualbox:4.0.31","cpe:2.3:a:oracle:vm_virtualbox:4.0.32","cpe:2.3:a:oracle:vm_virtualbox:4.0.34","cpe:2.3:a:oracle:vm_virtualbox:4.0.36","cpe:2.3:a:oracle:vm_virtualbox:4.0.4","cpe:2.3:a:oracle:vm_virtualbox:4.0.6","cpe:2.3:a:oracle:vm_virtualbox:4.0.8","cpe:2.3:a:oracle:vm_virtualbox:4.1.0","cpe:2.3:a:oracle:vm_virtualbox:4.1.10","cpe:2.3:a:oracle:vm_virtualbox:4.1.12","cpe:2.3:a:oracle:vm_virtualbox:4.1.14","cpe:2.3:a:oracle:vm_virtualbox:4.1.16","cpe:2.3:a:oracle:vm_virtualbox:4.1.18","cpe:2.3:a:oracle:vm_virtualbox:4.1.2","cpe:2.3:a:oracle:vm_virtualbox:4.1.20","cpe:2.3:a:oracle:vm_virtualbox:4.1.22","cpe:2.3:a:oracle:vm_virtualbox:4.1.24","cpe:2.3:a:oracle:vm_virtualbox:4.1.26","cpe:2.3:a:oracle:vm_virtualbox:4.1.28","cpe:2.3:a:oracle:vm_virtualbox:4.1.30","cpe:2.3:a:oracle:vm_virtualbox:4.1.32","cpe:2.3:a:oracle:vm_virtualbox:4.1.34","cpe:2.3:a:oracle:vm_virtualbox:4.1.39","cpe:2.3:a:oracle:vm_virtualbox:4.1.4","cpe:2.3:a:oracle:vm_virtualbox:4.1.40","cpe:2.3:a:oracle:vm_virtualbox:4.1.42","cpe:2.3:a:oracle:vm_virtualbox:4.1.44","cpe:2.3:a:oracle:vm_virtualbox:4.1.6","cpe:2.3:a:oracle:vm_virtualbox:4.1.8","cpe:2.3:a:oracle:vm_virtualbox:4.2.0","cpe:2.3:a:oracle:vm_virtualbox:4.2.10","cpe:2.3:a:oracle:vm_virtualbox:4.2.12","cpe:2.3:a:oracle:vm_virtualbox:4.2.14","cpe:2.3:a:oracle:vm_virtualbox:4.2.16","cpe:2.3:a:oracle:vm_virtualbox:4.2.18","cpe:2.3:a:oracle:vm_virtualbox:4.2.2","cpe:2.3:a:oracle:vm_virtualbox:4.2.20","cpe:2.3:a:oracle:vm_virtualbox:4.2.22","cpe:2.3:a:oracle:vm_virtualbox:4.2.24","cpe:2.3:a:oracle:vm_virtualbox:4.2.26","cpe:2.3:a:oracle:vm_virtualbox:4.2.28","cpe:2.3:a:oracle:vm_virtualbox:4.2.30","cpe:2.3:a:oracle:vm_virtualbox:4.2.31","cpe:2.3:a:oracle:vm_virtualbox:4.2.32","cpe:2.3:a:oracle:vm_virtualbox:4.2.34","cpe:2.3:a:oracle:vm_virtualbox:4.2.36","cpe:2.3:a:oracle:vm_virtualbox:4.2.4","cpe:2.3:a:oracle:vm_virtualbox:4.2.6","cpe:2.3:a:oracle:vm_virtualbox:4.2.8","cpe:2.3:a:oracle:vm_virtualbox:4.3.0","cpe:2.3:a:oracle:vm_virtualbox:4.3.10","cpe:2.3:a:oracle:vm_virtualbox:4.3.12","cpe:2.3:a:oracle:vm_virtualbox:4.3.14","cpe:2.3:a:oracle:vm_virtualbox:4.3.16","cpe:2.3:a:oracle:vm_virtualbox:4.3.18","cpe:2.3:a:oracle:vm_virtualbox:4.3.2","cpe:2.3:a:oracle:vm_virtualbox:4.3.22","cpe:2.3:a:oracle:vm_virtualbox:4.3.24","cpe:2.3:a:oracle:vm_virtualbox:4.3.26","cpe:2.3:a:oracle:vm_virtualbox:4.3.28","cpe:2.3:a:oracle:vm_virtualbox:4.3.29","cpe:2.3:a:oracle:vm_virtualbox:4.3.30","cpe:2.3:a:oracle:vm_virtualbox:4.3.32","cpe:2.3:a:oracle:vm_virtualbox:4.3.34","cpe:2.3:a:oracle:vm_virtualbox:4.3.35","cpe:2.3:a:oracle:vm_virtualbox:4.3.36","cpe:2.3:a:oracle:vm_virtualbox:4.3.38","cpe:2.3:a:oracle:vm_virtualbox:4.3.4","cpe:2.3:a:oracle:vm_virtualbox:4.3.6","cpe:2.3:a:oracle:vm_virtualbox:4.3.8","cpe:2.3:a:oracle:vm_virtualbox:5.0.0","cpe:2.3:a:oracle:vm_virtualbox:5.0.10","cpe:2.3:a:oracle:vm_virtualbox:5.0.12","cpe:2.3:a:oracle:vm_virtualbox:5.0.13","cpe:2.3:a:oracle:vm_virtualbox:5.0.14","cpe:2.3:a:oracle:vm_virtualbox:5.0.16","cpe:2.3:a:oracle:vm_virtualbox:5.0.18","cpe:2.3:a:oracle:vm_virtualbox:5.0.2","cpe:2.3:a:oracle:vm_virtualbox:5.0.20","cpe:2.3:a:oracle:vm_virtualbox:5.0.22","cpe:2.3:a:oracle:vm_virtualbox:5.0.24","cpe:2.3:a:oracle:vm_virtualbox:5.0.26","cpe:2.3:a:oracle:vm_virtualbox:5.0.27","cpe:2.3:a:oracle:vm_virtualbox:5.0.28","cpe:2.3:a:oracle:vm_virtualbox:5.0.30","cpe:2.3:a:oracle:vm_virtualbox:5.0.32","cpe:2.3:a:oracle:vm_virtualbox:5.0.34","cpe:2.3:a:oracle:vm_virtualbox:5.0.36","cpe:2.3:a:oracle:vm_virtualbox:5.0.38","cpe:2.3:a:oracle:vm_virtualbox:5.0.4","cpe:2.3:a:oracle:vm_virtualbox:5.0.40","cpe:2.3:a:oracle:vm_virtualbox:5.0.6","cpe:2.3:a:oracle:vm_virtualbox:5.0.8","cpe:2.3:a:oracle:vm_virtualbox:5.1.0","cpe:2.3:a:oracle:vm_virtualbox:5.1.10","cpe:2.3:a:oracle:vm_virtualbox:5.1.12","cpe:2.3:a:oracle:vm_virtualbox:5.1.14","cpe:2.3:a:oracle:vm_virtualbox:5.1.16","cpe:2.3:a:oracle:vm_virtualbox:5.1.18","cpe:2.3:a:oracle:vm_virtualbox:5.1.2","cpe:2.3:a:oracle:vm_virtualbox:5.1.20","cpe:2.3:a:oracle:vm_virtualbox:5.1.22","cpe:2.3:a:oracle:vm_virtualbox:5.1.24","cpe:2.3:a:oracle:vm_virtualbox:5.1.26","cpe:2.3:a:oracle:vm_virtualbox:5.1.28","cpe:2.3:a:oracle:vm_virtualbox:5.1.30","cpe:2.3:a:oracle:vm_virtualbox:5.1.32","cpe:2.3:a:oracle:vm_virtualbox:5.1.34","cpe:2.3:a:oracle:vm_virtualbox:5.1.36","cpe:2.3:a:oracle:vm_virtualbox:5.1.38","cpe:2.3:a:oracle:vm_virtualbox:5.1.4","cpe:2.3:a:oracle:vm_virtualbox:5.1.6","cpe:2.3:a:oracle:vm_virtualbox:5.1.7","cpe:2.3:a:oracle:vm_virtualbox:5.1.8","cpe:2.3:a:oracle:vm_virtualbox:5.2.0","cpe:2.3:a:oracle:vm_virtualbox:5.2.10","cpe:2.3:a:oracle:vm_virtualbox:5.2.12","cpe:2.3:a:oracle:vm_virtualbox:5.2.14","cpe:2.3:a:oracle:vm_virtualbox:5.2.16","cpe:2.3:a:oracle:vm_virtualbox:5.2.18","cpe:2.3:a:oracle:vm_virtualbox:5.2.2","cpe:2.3:a:oracle:vm_virtualbox:5.2.20","cpe:2.3:a:oracle:vm_virtualbox:5.2.22","cpe:2.3:a:oracle:vm_virtualbox:5.2.24","cpe:2.3:a:oracle:vm_virtualbox:5.2.26","cpe:2.3:a:oracle:vm_virtualbox:5.2.28","cpe:2.3:a:oracle:vm_virtualbox:5.2.30","cpe:2.3:a:oracle:vm_virtualbox:5.2.32","cpe:2.3:a:oracle:vm_virtualbox:5.2.34","cpe:2.3:a:oracle:vm_virtualbox:5.2.36","cpe:2.3:a:oracle:vm_virtualbox:5.2.4","cpe:2.3:a:oracle:vm_virtualbox:5.2.6","cpe:2.3:a:oracle:vm_virtualbox:5.2.8","cpe:2.3:a:oracle:vm_virtualbox:6.0.0","cpe:2.3:a:oracle:vm_virtualbox:6.0.10","cpe:2.3:a:oracle:vm_virtualbox:6.0.12","cpe:2.3:a:oracle:vm_virtualbox:6.0.14","cpe:2.3:a:oracle:vm_virtualbox:6.0.2","cpe:2.3:a:oracle:vm_virtualbox:6.0.4","cpe:2.3:a:oracle:vm_virtualbox:6.0.6","cpe:2.3:a:oracle:vm_virtualbox:6.0.8","cpe:2.3:a:oracle:vm_virtualbox:6.1.0","cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0","cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0"]}