Exploit for #VU10055 Deserialization of untrusted data in Oracle WebLogic Server

Published: 2020-03-18 | Updated: 2021-06-17

Vulnerability identifier: #VU10055

Vulnerability risk: High

CVSSv3.1: 10 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C]

CVE-ID: CVE-2018-2628

CWE-ID: CWE-502

Exploitation vector: Network

Exploits in database: 5

June 17, 2021
- Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution [Exploit-DB]
June 3, 2020
- Weblogic-CVE-2020-2551-To-Internet (CVE-2020-2551 POC to use in Internet) [Github]
April 7, 2020
- exphub (Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340) [Github]
March 18, 2020
- WebLogic-RCE-exploit (A remote code execution exploit for WebLogic based on CVE-2018-2628) [Github]
- Oracle Weblogic Server Deserialization RCE [Metasploit]

Impact: Code execution

Vulnerable software:
Oracle WebLogic Server
Server applications / Application servers

Vendor: Oracle