CVE-2018-2894
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 15, 2017
- Published Date
- July 18, 2018
- Last Updated
- October 02, 2024
- Vendor
- Oracle Corporation
- Product
- WebLogic Server
- Description
- Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
- Tags
- Score
- 94.03% (Percentile: 99.88%) as of 2025-06-14
- Exploitation
- none
- Automatable
- Yes
- Technical Impact
- total
- Exploited in the Wild
- Yes (2025-05-29 00:00:00 UTC) Source
CVSS Scores
CVSS v3.0
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
SSVC Information
Exploit Status
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-05-30 12:00:34 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-2894.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
jas502n/CVE-2018-2894
Type: github • Created: 2018-10-07 10:07:41 UTC • Stars: 16
LandGrey/CVE-2018-2894
Type: github • Created: 2018-07-20 03:59:18 UTC • Stars: 138
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Detected by Nuclei
-
Added to KEVIntel