Statements (22)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:CVE_Identifier
|
| gptkbp:access |
No
|
| gptkbp:affects |
gptkb:Oracle_WebLogic_Server
|
| gptkbp:citation |
https://nvd.nist.gov/vuln/detail/CVE-2019-2725
https://www.oracle.com/security-alerts/alert-cve-2019-2725.html |
| gptkbp:describes |
A deserialization vulnerability in Oracle WebLogic Server allowing unauthenticated remote code execution.
|
| gptkbp:discoveredBy |
Viettel Cyber Security
|
| gptkbp:exploits |
Yes
|
| gptkbp:hasCVSSScore |
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| gptkbp:hasCWE |
gptkb:CWE-502
|
| gptkbp:impact |
Complete compromise of affected system
|
| gptkbp:isExploitedInTheWild |
Yes
|
| gptkbp:patchedBy |
Oracle WebLogic Server 10.3.6.0.190416
Oracle WebLogic Server 12.1.3.0.190416 |
| gptkbp:publicationDate |
2019-04-26
|
| gptkbp:vectorFor |
gptkb:network_protocol
|
| gptkbp:vulnerableTo |
Remote Code Execution
wls9_async_response component |
| gptkbp:bfsParent |
gptkb:APT3
|
| gptkbp:bfsLayer |
7
|
| https://www.w3.org/2000/01/rdf-schema#label |
CVE-2019-2725
|