Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware

Reference: CERT.be Advisory #2018-028
Version: 1.0
Affected software: WebLogic versions 10.3.6.0, 12.1.3.0, 12.2.1.3
Type: Remote code execution vulnerability.

CVE: CVE-2018-3191
CVE: CVE-2018-3197
CVE: CVE-2018-3201
CVE: CVE-2018-3245
CVE: CVE-2018-3252
CVSS: 9.8

Sources

https://www.oracle.com/technetwork/topics/security/alerts-086861.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3252

Risks

Successful exploitation of these vulnerabilities can result in takeover of Oracle WebLogic Server: an unauthenticated attacker with network access via the Oracle T3 protocol can compromise the entire Oracle WebLogic Server.

Summary

These vulnerabilities allow an unauthenticated attacker with network access, using the Oracle T3 protocol, to compromise the WebLogic Server. They are registered as CVE-2018-3191, CVE-2018-3197, CVE-2018-3201, CVE-2018-3245 and CVE-2018-3252, and have received a "critical" status and a severity score of 9.8 on the CVSSv3 scale due to their consequences, remote exploitation factor, and ease of exploitation.
Details about these vulnerabilities are not public yet, and Oracle has released patches for them. However, several proofs of concept have been published, and attackers have started to automate and use these PoCs.

Recommended actions

CERT.be recommends that users always keep their systems up to date. Patches can be downloaded at the following address:

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296....
CERT.be recommends applying these critical patches A.S.A.P.