Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: EJB Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Remediation

References

CVE-2019-2888

Related Vulnerabilities

MediaWiki Insertion of Sensitive Information into Log File Vulnerability (CVE-2024-40598)

WordPress Plugin CigiCigi Post Guest Cross-Site Scripting (1.0.5)

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15041)

WordPress Plugin WooCommerce Weight Based Shipping Cross-Site Request Forgery (5.4.1)

Joomla Improper Input Validation Vulnerability (CVE-2016-8870)

Severity

Medium

Classification

CVE-2019-2888 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities