CyberSec.Space Logo
Back to CVE Browser

CVE-2019-2725

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score85.0550%
EPSS Percentile96.12th
PublishedApr 26, 2019
Last ModifiedOct 27, 2025

Vulnerability Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected Platforms (CPE)

πŸ“¦
Oracle

Agile Plm

= 9.3.3
πŸ“¦
Oracle

Agile Plm

= 9.3.4
πŸ“¦
Oracle

Agile Plm

= 9.3.5
πŸ“¦
Oracle

Communications Converged Application Server

= 5.1
πŸ“¦
Oracle

Communications Converged Application Server

= 7.0
πŸ“¦
Oracle

Communications Converged Application Server

= 7.1
πŸ“¦
Oracle

Peoplesoft Enterprise Peopletools

= 8.56
πŸ“¦
Oracle

Peoplesoft Enterprise Peopletools

= 8.57
πŸ“¦
Oracle

Peoplesoft Enterprise Peopletools

= 8.58
πŸ“¦
Oracle

Storagetek Tape Analytics Sw Tool

= 2.3
πŸ“¦
Oracle

Tape Library Acsls

= 8.5
πŸ“¦
Oracle

Tape Virtual Storage Manager Gui

= 6.2
πŸ“¦
Oracle

Vm Virtualbox

< 5.2.36
πŸ“¦
Oracle

Vm Virtualbox

>= 6.0.0 and < 6.0.16
πŸ“¦
Oracle

Vm Virtualbox

>= 6.1.0 and < 6.1.2
πŸ“¦
Oracle

Vm Virtualbox

= 5.2.36
πŸ“¦
Oracle

Weblogic Server

= 10.3.6.0.0
πŸ“¦
Oracle

Weblogic Server

= 12.1.3.0.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html
πŸ”— http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html
πŸ”— http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
πŸ”— http://www.securityfocus.com/bid/108074
πŸ”— https://support.f5.com/csp/article/K90059138
πŸ”— https://www.exploit-db.com/exploits/46780/
πŸ”— https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW
πŸ”— https://www.oracle.com/security-alerts/cpujan2020.html

Related Vulnerabilities

CVE-2016-35569.8

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote at...

CVE-2016-35548.8

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote au...

CVE-2016-06358.8

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2,...

CVE-2016-55148.8

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote au...