Description
Oracle announced a critical patch update to address a vulnerability (CVE-2018-2893) found in its WebLogic Server that affects the product's WLS Core Components subcomponent due to unsafe deserialization of Java objects. An unauthenticated, remote attacker can exploit this vulnerability by crafting a Java object to execute arbitrary Java code in the context of the WebLogic server.
The WebLogic remote code execution vulnerability (CVE-2018-2893) has not been fully fixed. The newly fixed vulnerability is assigned CVE-2018-3245.
Remediation
Upgrade to the latest version of Oracle WebLogic Server. This issue was fixed in Oracle Critical Patch Update - October 2018. Or disable/restrict access to T3