Oracle WebLogic application contains a critical deserialization remote code execution vulnerability that affects all versions of the software, which can be triggered if the “wls9_async_response.war” and “wls-wsat.war” components are enabled.
The vulnerability allows attackers to remotely execute arbitrary commands on the affected servers just by sending a specially crafted HTTP request—without requiring any authorization.
Remote code execution
Vendor has not released any patch for the following product as of yet.
Temporary Solution for the following unpatched vulnerability is recommended.