A deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Tag: Oracle
ASA-2019-00239 – WebLogic: wls9_async and wls-wsat components trigger deserialization remote command execution vulnerability
This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.