The version of Oracle WebLogic Server installed on the remote host is affected by a remote code execution vulnerability in the WLS Core Components subcomponent due to unsafe deserialization of Java objects by the RMI registry. An unauthenticated remote attacker can exploit this, via a crafted serialized Java object, to execute arbitrary code.
Binary data oracle_weblogic_server_cve_2018_3191.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | weblogic_server | cpe:/a:oracle:weblogic_server | |
oracle | fusion_middleware | cpe:/a:oracle:fusion_middleware |