CVE-2019-2395

Опубликовано: 16 янв. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 5.5

EPSS Низкий

Описание

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L).

Ссылки

http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/106585
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/106585
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:weblogic_server:10.3.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00327

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-c8q6-6g6j-cxcv

CVSS3: 5.4

github

больше 3 лет назад

BDU:2019-00600

CVSS3: 5.4

fstec

около 8 лет назад

Уязвимость компонента WLS - Web Services сервера приложений Oracle WebLogic Server, позволяющая нарушителю получить доступ к защищаемой информации

EPSS

Процентиль: 55%

0.00327

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo