Oracle has just released Security Alert CVE-2019-2725. This Security Alert was released in response to a recently-disclosed vulnerability affecting Oracle WebLogic Server. This vulnerability affects a number of versions of Oracle WebLogic Server and has received a CVSS Base Score of 9.8. WebLogic Server customers should refer to the Security Alert Advisory for information on affected versions and how to obtain the required patches.
Please note that vulnerability CVE-2019-2725 has been associated in press reports with vulnerabilities CVE-2018-2628, CVE-2018-2893, and CVE-2017-10271. These vulnerabilities were addressed in patches released in previous Critical Patch Update releases.
Due to the severity of this vulnerability, Oracle recommends that this Security Alert be applied as soon as possible.
For more information:
The Security Alert advisory is located at https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html
The October 2017 Critical Patch Update advisory is located at https://www.oracle.com/technetwork/topics/security/cpuoct2017-3236626.html
The April 2018 Critical Patch Update advisory is located at https://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
The July 2018 Critical patch Update advisory is located at https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html