Description
Oracle announced a critical patch update to address a vulnerability (CVE-2018-2894) found in its WebLogic Server that affects the product's WLS subcomponent. A remote user can exploit a flaw in the Oracle WebLogic Server WLS - Web Services component to gain elevated privileges and execute abitrary code in the context of the Oracle WebLogic Server user.
Remediation
Upgrade to the latest version of Oracle WebLogic Server. This issue was fixed in Oracle Critical Patch Update Advisory - July 2018.
References
Related Vulnerabilities
WordPress 'press-this.php' Remote Security Bypass Vulnerability (0.7 - 3.1.1)
WordPress Plugin Comments Like Dislike Security Bypass (1.1.3)
Drupal Core 8.x Security Bypass (8.0.0 - 8.2.7)
WordPress Plugin YITH Pre-Order for WooCommerce Security Bypass (1.1.9)
WordPress Plugin YITH WooCommerce Waiting List Security Bypass (1.3.9)