3 matches found
Oracle WebLogic Server AbstractPlatformTransactionManager Insecure Deserialization (CVE-2018-3191)
An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. A remote attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user account running...
Oracle WebLogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.3 Java Object Deserialization RCE (CVE-2018-3191)
Binary data oracleweblogicservercve20183191.nbin...
CVE-2018-3191
CVE-2018-3191 affects Oracle WebLogic Server (WLS Core Components) with affected versions 10.3.6.0, 12.1.3.0 and 12.2.1.3. The issue is described as an insecure deserialization vulnerability in the Java object deserialization pathway that can be exploited remotely and unauthenticated via T3 to ac...