CVE-2018-2893: Weblogic Remote Code Execution Vulnerability Alert

CVE-2018-2893

On July 17th, local time, on the morning of July 18th, Beijing time, Oracle officially released the July (second quarter) critical patch update CPU (Critical Patch Update), which fixed an April (first quarter) CPU patch. The entirely failed (CVE-2018-2628) Weblogic deserialization vulnerability, the newly fixed vulnerability number (CVE-2018-2893).

Affected version

  • Weblogic 10.3.6.0
  • Weblogic 12.1.3.0
  • Weblogic 12.2.1.2
  • Weblogic 12.2.1.3

Solution

Oracle official has fixed the vulnerability in this critical patch update (CPU), it is strongly recommended that affected users upgrade the update as soon as possible to protect.

Note: Oracle official patch requires the user to hold a licensed account for genuine software. After logging in to https://support.oracle.com with this account, you can download the latest patch.