CVE-2019-2725

GPTKB entity

Statements (22)
Predicate Object
gptkbp:instanceOf CVE Identifier
gptkbp:access No
gptkbp:affects gptkb:Oracle_WebLogic_Server
gptkbp:citation https://nvd.nist.gov/vuln/detail/CVE-2019-2725
https://www.oracle.com/security-alerts/alert-cve-2019-2725.html
gptkbp:describes A deserialization vulnerability in Oracle WebLogic Server allowing unauthenticated remote code execution.
gptkbp:discoveredBy Viettel Cyber Security
gptkbp:exploits Yes
gptkbp:hasCVSSScore 9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
gptkbp:hasCWE gptkb:CWE-502
https://www.w3.org/2000/01/rdf-schema#label CVE-2019-2725
gptkbp:impact Complete compromise of affected system
gptkbp:isExploitedInTheWild Yes
gptkbp:patchedBy Oracle WebLogic Server 10.3.6.0.190416
Oracle WebLogic Server 12.1.3.0.190416
gptkbp:publicationDate 2019-04-26
gptkbp:vectorFor gptkb:network_protocol
gptkbp:vulnerableTo Remote Code Execution
wls9_async_response component
gptkbp:bfsParent gptkb:Sodinokibi
gptkbp:bfsLayer 6