Vulnerability Details : CVE-2019-2725

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Published 2019-04-26 19:29:00

Updated 2022-04-27 16:39:18

Source Oracle

View at NVD, CVE.org

At least one public exploit which can be used to exploit this vulnerability exists!

CVE-2019-2725 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Oracle WebLogic Server, Injection

CISA required action:

Apply updates per vendor instructions.

CISA description:

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

Added on 2022-01-10 Action due date 2022-07-10

Exploit prediction scoring system (EPSS) score for CVE-2019-2725

Probability of exploitation activity in the next 30 days: 97.57%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2019-2725

Oracle Weblogic Server Deserialization RCE - AsyncResponseService

Disclosure Date : 2019-04-23

exploit/multi/misc/weblogic_deserialize_asyncresponseservice

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host. Authors: - Andres Rodriguez - 2Secure (@acamro) <[email protected]>

More information

CVSS scores for CVE-2019-2725

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-2725

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Assigned by: [email protected] (Primary)

References for CVE-2019-2725

https://www.oracle.com/security-alerts/cpujan2020.html

Patch;Vendor Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Patch;Vendor Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW

Patch;Vendor Advisory
https://www.exploit-db.com/exploits/46780/

Exploit;Third Party Advisory;VDB Entry
https://support.f5.com/csp/article/K90059138

Third Party Advisory
http://www.securityfocus.com/bid/108074

Broken Link
http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html

Patch;Vendor Advisory
http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html

Third Party Advisory;VDB Entry

Products affected by CVE-2019-2725

Oracle » Peoplesoft Enterprise Peopletools » Version: 8.56
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
Matching versions
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.57
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
Matching versions
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.58
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Matching versions
Oracle » Weblogic Server » Version: 10.3.6.0.0
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Weblogic Server » Version: 12.1.3.0.0
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Vm Virtualbox
Versions before (<) 5.2.36
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Matching versions
Oracle » Vm Virtualbox
Versions from including (>=) 6.0.0 and before (<) 6.0.16
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Matching versions
Oracle » Vm Virtualbox
Versions from including (>=) 6.1.0 and before (<) 6.1.2
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Matching versions
Oracle » Vm Virtualbox » Version: 5.2.36
cpe:2.3:a:oracle:vm_virtualbox:5.2.36:*:*:*:*:*:*:*
Matching versions
Oracle » Tape Library Acsls » Version: 8.5
cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
Matching versions
Oracle » Agile Plm » Version: 9.3.5
cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
Matching versions
Oracle » Agile Plm » Version: 9.3.4
cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*
Matching versions
Oracle » Agile Plm » Version: 9.3.3
cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Converged Application Server » Version: 5.1
cpe:2.3:a:oracle:communications_converged_application_server:5.1:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Converged Application Server » Version: 7.0
cpe:2.3:a:oracle:communications_converged_application_server:7.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Converged Application Server » Version: 7.1
cpe:2.3:a:oracle:communications_converged_application_server:7.1:*:*:*:*:*:*:*
Matching versions
Oracle » Storagetek Tape Analytics Sw Tool » Version: 2.3
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*
Matching versions
Oracle » Tape Virtual Storage Manager Gui » Version: 6.2
cpe:2.3:a:oracle:tape_virtual_storage_manager_gui:6.2:*:*:*:*:*:*:*
Matching versions