← Back

CVE-2019-2725

nvd nistnuclei
Published: Apr 26, 2019Modified: Oct 27, 2025CISA KEV

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected (18)

Oracle
8 products
Agile Plm
Communications Converged Application Server
Peoplesoft Enterprise Peopletools
Storagetek Tape Analytics Sw Tool
Tape Library Acsls
Tape Virtual Storage Manager Gui
Vm Virtualbox
Weblogic Server
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Agile Plm
Version 9.3.3
Agile Plm
Version 9.3.4
Agile Plm
Version 9.3.5
Oracle
Communications Converged Application Server
Version 5.1
Communications Converged Application Server
Version 7.0
Communications Converged Application Server
Version 7.1
Oracle
Peoplesoft Enterprise Peopletools
Version 8.56
Peoplesoft Enterprise Peopletools
Version 8.57
Peoplesoft Enterprise Peopletools
Version 8.58
Storagetek Tape Analytics Sw Tool
Version 2.3
Tape Library Acsls
Version 8.5
Tape Virtual Storage Manager Gui
Version 6.2
Oracle
Vm Virtualbox
Before 5.2.36
Vm Virtualbox
From 6.0.0 to 6.0.16
Vm Virtualbox
From 6.1.0 to 6.1.2
Vm Virtualbox
Version 5.2.36
Oracle
Weblogic Server
Version 10.3.6.0.0
Weblogic Server
Version 12.1.3.0.0

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (17)

Source: secalert_us@oracle.com
Third Party AdvisoryVDB Entry
Source: secalert_us@oracle.com
PatchVendor Advisory
Source: secalert_us@oracle.com
PatchVendor Advisory
Source: secalert_us@oracle.com
Broken Link
Source: secalert_us@oracle.com
Third Party Advisory
Source: secalert_us@oracle.com
ExploitThird Party AdvisoryVDB Entry
Source: secalert_us@oracle.com
PatchVendor Advisory
Source: secalert_us@oracle.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.