Skip to content
July 1, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Cyber Security
  • Hackers target Oracle WebLogic Servers after the release of PoC code
  • Cyber Security

Hackers target Oracle WebLogic Servers after the release of PoC code

Do Son July 27, 2018 2 minutes read
CVE-2018-2893
Add as a preferred
source on Google

Hackers recently launched attacks on Oracle WebLogic servers and tried to control vulnerable devices that have not patched after the vulnerability published.

The vulnerability exploited by the hacker is CVE-2018-2893, a deserialization remote command execution vulnerability in Oracle WebLogic middleware that allows hackers to control the entire server without the need for a password. After these hackers attempted an attack, the vulnerability was assessed to be near the highest level – the vulnerability scored a critical 9.8 /10 score on the CVSv3 security level.

CVE-2018-2893

The reason why the score is so high because the vulnerability can be used remotely and it is relatively easy to use. The details of the vulnerability have never been released to the public, and Oracle has released a patch for this vulnerability on July 18.

However, just three days later, several proof-of-concept videos described the vulnerability in detail. Although most of the videos have been deleted, at the time of this article, PoC code is still available on GitHub, which may be a significant factor in the use of this vulnerability by hackers. According to reports, the first attack attempt began on July 21, when the news of the existence of the PoC code has spread, and since then, the attack has become more and more.

Security researchers from ISC SANS and Qihoo 360 Netlab are currently tracking two gangs that appear to have automated exploits and are attacking a large scale.

The owner of the Oracle server is advised to install the patch as soon as possible. Oracle WebLogic servers running 10.3.6.0, 12.1.3.0, 12.2.1.2, and 12.2.1.3 are currently vulnerable, so patching is necessary.

Also, the vulnerability is currently being exploited through port 7001, so Oracle WebLogic server owners who do not now have patches installed should disable the port on their routers as a temporary solution.

Related coverage

  • Exploitation of URL Rewriting: A New Phishing Paradigm Threatens Cybersecurity
  • “Connect:fun” Campaign Targets Media Organizations, Exploits Critical Fortinet Vulnerability
  • Exposed security cameras in Israel and Palestine pose major risk
  • Russian-Linked Operation Texonto Targets Ukraine, Dissidents
  • Lazarus Group Suspected in Telegram Phishing Attacks on Investors

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: Oracle WebLogic Servers

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-48558CVSS 10.0
    SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
    Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
  • CVE-2026-46817CVSS 9.8
    Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
    Admin intel📅 Updated: Jun 29, 2026
  • CVE-2026-28496CVSS 9.4
    FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
    Admin intel📅 Updated: Jun 25, 2026
  • CVE-2026-12569
    A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The...
    CISA KEV📅 Added to KEV: Jun 25, 2026
  • CVE-2025-67038CVSS 9.8
    An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write...
    CISA KEV📅 Added to KEV: Jun 23, 2026
  • CVE-2026-34908CVSS 10.0
    A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi...
    CISA KEV📅 Added to KEV: Jun 23, 2026
  • CVE-2026-34909CVSS 10.0
    A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS...
    CISA KEV📅 Added to KEV: Jun 23, 2026
  • CVE-2026-34910CVSS 10.0
    A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi...
    CISA KEV📅 Added to KEV: Jun 23, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-11387CVSS 9.8
    The SMS Alert – SMS & OTP for WooCommerce, Order Notifications &...
  • CVE-2026-10539CVSS 9.0
    A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input....
  • CVE-2026-7839CVSS 9.1
    UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded...
  • CVE-2026-6070CVSS 9.1
    The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion...
  • CVE-2026-7840CVSS 9.8
    UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded...
  • CVE-2026-56700CVSS 9.8
    Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls...
  • CVE-2026-56278CVSS 9.1
    Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded...
  • CVE-2026-50003CVSS 9.8
    A malicious or compromised server can make a DCMTK client using bit-preserving...
  • CVE-2026-58449CVSS 9.8
    txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint...
  • CVE-2026-7874CVSS 9.1
    IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.