Oracle WebLogic Web Services Authentication Bypass Vulnerability [CVE-2018-2894]
CVE Number – CVE-2018-2894
A vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware could allow an unauthenticated, remote attacker to bypass access controls and execute arbitrary code on a targeted system.
The vulnerability is due to an unspecified error in the WLS – Web Services subcomponent of the affected software. An attacker could exploit this vulnerability by sending HTTP requests that submit malicious input to the affected software. A successful exploit could allow the attacker to bypass access controls and execute arbitrary code on the system.
- To exploit this vulnerability, the attacker must send malicious requests to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.
- Oracle has released a security advisory at the following link: Oracle Critical Patch Update Advisory – July 2018
- Oracle has released software updates at the following link: Oracle Downloads
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.