CVE-2018-2628 — Oracle WebLogic Server Unspecified Vulnerability

2022-09-08 • CISA Known Exploited Vulnerability

[event] Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.

> AFFECTED SOFTWARE

Field	Value
Vendor	Oracle
Product	WebLogic Server
CWE	CWE-502
CVE ID	CVE-2018-2628
Date Added	2022-09-08
Due Date	2022-09-29
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-09-29

> REFERENCES

[1] https://www.oracle.com/security-alerts/cpuapr2018.html
[2] https://nvd.nist.gov/vuln/detail/CVE-2018-2628