Rewterz Threat Alert – Multiple Phishing Campaigns – Collective Indicators of Compromise
June 19, 2019Rewterz Threat Alert – MenuPass QuasarRAT Backdoor – APT10 – Aiming for Unauthorized System Access
June 20, 2019Rewterz Threat Alert – Multiple Phishing Campaigns – Collective Indicators of Compromise
June 19, 2019Rewterz Threat Alert – MenuPass QuasarRAT Backdoor – APT10 – Aiming for Unauthorized System Access
June 20, 2019Severity
High
Analysis summary
A deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Impact
Unauthorized system access
Affected Vendors
Oracle
Affected Products
- Oracle WebLogic Server 12.2.1.3
- Oracle WebLogic Server 10.3.6.0.0
- Oracle WebLogic Server 12.1.3.0.0
Remediation
Updates are available.