CVE-2018-3245

CRITICAL

Oracle WebLogic Server <12.2.1.3 - RCE

Title source: llm

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (4)

exploitdb WORKING POC

by allyshka · javaremotemultiple

https://www.exploit-db.com/exploits/46513

View Code ZIP pw:eip

nomisec WORKING POC 172 stars

by pyn3rd · poc

https://github.com/pyn3rd/CVE-2018-3245

View Code ZIP pw:eip

nomisec WORKING POC 14 stars

by jas502n · poc

https://github.com/jas502n/CVE-2018-3245

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by ianxtianxt · poc

https://github.com/ianxtianxt/CVE-2018-3245

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105613

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041896

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/46513/

Scores

CVSS v3 9.8

EPSS 0.9108

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-502

Status published

Products (3)

oracle/weblogic_server 10.3.6.0.0

oracle/weblogic_server 12.1.3.0.0

oracle/weblogic_server 12.2.1.3.0

Published Oct 17, 2018

Tracked Since Feb 18, 2026