Published on: 19 June 2019
Oracle has released an urgent patch to address a remote code execution vulnerability in Oracle WebLogic Server. An unauthenticated remote attacker may exploit the vulnerability, which is in a component named XMLDecoder, by sending specially crafted HTTP requests.
Reports indicate that the vulnerability (CVE-2019-2729) allows an unauthenticated attacker to execute arbitrary code on affected systems through specially crafted HTTP requests. Please prioritise patching the affected systems.
A successful attack could lead to remote code execution on an affected system.
Patches for affected systems are available. System administrators of the affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk. Please visit the following URL for details:
https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html
https://www.hkcert.org/my_url/en/alert/19061902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2729