4:00pm, 20 Jun 2019

TLP Rating: White

Oracle WebLogic vulnerability being exploited

CERT NZ is aware of a critical vulnerability in the Oracle WebLogic Server being actively exploited. The vulnerability, CVE-2019-2729, is remotely exploitable without authentication.

Oracle has released a patch to mitigate this vulnerability. There are conflicting reports about the patch’s effectiveness, so CERT NZ also recommends patching as well as implementing further defence-in-depth mitigations.