4:00pm, 20 Jun 2019
TLP Rating: White
Oracle WebLogic vulnerability being exploited
CERT NZ is aware of a critical vulnerability in the Oracle WebLogic Server being actively exploited. The vulnerability, CVE-2019-2729, is remotely exploitable without authentication.
Oracle has released a patch to mitigate this vulnerability. There are conflicting reports about the patch’s effectiveness, so CERT NZ also recommends patching as well as implementing further defence-in-depth mitigations.