CVE-2019-2729

CRITICAL EXPLOITED IN THE WILD RANSOMWARE NUCLEI

Oracle Communications Diameter Signal... - Improper Access Control

Title source: rule

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (6)

exploitdb WORKING POC
by james · python webapps java
https://www.exploit-db.com/exploits/47895
nomisec WORKING POC 46 stars
by ruthlezs · remote
https://github.com/ruthlezs/CVE-2019-2729-Exploit
nomisec WORKING POC 7 stars
by waffl3ss · remote-auth
https://github.com/waffl3ss/CVE-2019-2729
nomisec WORKING POC 3 stars
by Luchoane · remote-auth
https://github.com/Luchoane/CVE-2019-2729_creal
nomisec WORKING POC 3 stars
by pizza-power · poc
https://github.com/pizza-power/weblogic-CVE-2019-2729-POC
vulncheck_xdb SCANNER
remote
https://github.com/0xn0ne/weblogicScanner

Nuclei Templates (1)

Oracle WebLogic Server Administration Console - Remote Code Execution
CRITICAL by igibanez

Scores

CVSS v3 9.8
EPSS 0.9436
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2019-05-01
InTheWild.io 2019-06-15
Ransomware Use Confirmed
CWE CWE-284
Status published
Products (19)
oracle/communications_diameter_signaling_router 8.0
oracle/communications_diameter_signaling_router 8.1
oracle/communications_diameter_signaling_router 8.2
oracle/communications_diameter_signaling_router 8.2.1
oracle/communications_network_integrity 7.3.2 - 7.3.6
oracle/hyperion_infrastructure_technology 11.1.2.4
oracle/hyperion_infrastructure_technology 11.2.5.0
oracle/identity_manager 11.1.2.3.0
oracle/identity_manager 12.2.1.3.0
oracle/peoplesoft_enterprise_peopletools 8.56
... and 9 more
Published Jun 19, 2019
Tracked Since Feb 18, 2026