Vulnerability Details : CVE-2018-2935

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L).

Vulnerability category: BypassDenial of service

Published 2018-07-18 13:29:02

Updated 2019-10-03 00:03:26

Source Oracle

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2018-2935

Probability of exploitation activity in the next 30 days: 0.20%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 57 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-2935

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
8.3	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L	2.8	5.5	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: Low

References for CVE-2018-2935

http://www.securityfocus.com/bid/104817

Third Party Advisory
http://www.securitytracker.com/id/1041301

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2018-2935

Oracle » Weblogic Server » Version: 10.3.6.0.0
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Weblogic Server » Version: 12.1.3.0.0
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Weblogic Server » Version: 12.2.1.3
cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*
Matching versions
Oracle » Weblogic Server » Version: 12.2.1.2.0
cpe:2.3:a:oracle:weblogic_server:12.2.1.2.0:*:*:*:*:*:*:*
Matching versions