Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2018-2628
PUBLISHEDVulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are...
- Vendor
- Oracle Corporation
- Product
- WebLogic Server
- Published
- Apr 19, 2018
- EPSS
- —
Description
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitation status
Exploited in the wild
Recorded 2022-09-08 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- total
References
- https://github.com/brianwrf/CVE-2018-2628
- https://www.exploit-db.com/exploits/44553/
- http://www.securityfocus.com/bid/103776
- http://www.securitytracker.com/id/1040696
- https://www.exploit-db.com/exploits/46513/
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://www.exploit-db.com/exploits/45193/
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Sep 08, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/weblogic_deserialize.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2018/CVE-2018-2628.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2018-07-02 09:00:34 UTC · 3 stars
github · Created 2018-06-26 08:25:57 UTC · 0 stars
github · Created 2018-06-05 11:00:40 UTC · 104 stars
Weblogic 反序列化漏洞(CVE-2018-2628)
github · Created 2018-04-20 02:14:21 UTC · 0 stars
github · Created 2018-04-20 01:24:17 UTC · 2 stars
github · Created 2018-04-19 15:56:49 UTC · 1 stars
github · Created 2018-04-18 17:50:29 UTC · 15 stars
WebLogic WLS核心组件反序列化漏洞多线程批量检测脚本 CVE-2018-2628-MultiThreading
github · Created 2018-04-18 17:28:44 UTC · 2 stars
github · Created 2018-04-18 05:41:23 UTC · 78 stars
CVE-2018-2628 & CVE-2018-2893
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nuclei
-
Detected by Metasploit