Russian Vulnerability Scanner Database

Back to List

CVE-2018-2628

Scores

EPSS Score

0.9442

CVSS

3.x 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Sources

nvd

CWEs

CWE-502

Related Vulnerabilities

BDU:2018-01470

Exploits

Exploit ID: 44553

Source: exploitdb

URL: https://www.exploit-db.com/exploits/44553

Exploit ID: 45193

Source: exploitdb

URL: https://www.exploit-db.com/exploits/45193

Exploit ID: 46513

Source: exploitdb

URL: https://www.exploit-db.com/exploits/46513

Exploit ID: CVE-2018-2628

Source: github-poc

URL: https://github.com/0xMJ/CVE-2018-2628

Reference Links

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.securityfocus.com/bid/103776
http://www.securitytracker.com/id/1040696
https://github.com/brianwrf/CVE-2018-2628
https://www.exploit-db.com/exploits/44553/
https://www.exploit-db.com/exploits/45193/
https://www.exploit-db.com/exploits/46513/
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.securityfocus.com/bid/103776
http://www.securitytracker.com/id/1040696
https://github.com/brianwrf/CVE-2018-2628
https://www.exploit-db.com/exploits/44553/
https://www.exploit-db.com/exploits/45193/
https://www.exploit-db.com/exploits/46513/

Vulnerable Software

Type: Configuration

Vendor: oracle

Product: weblogic_server

Operating System: * * *

Trait: 
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.2.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd