WebLogic Server Deserialization Vulnerability Addressed in Out of Band Advisory from Oracle (CVE-2019-2729)

On June 18, Oracle published an out-of-band security advisory to address CVE-2019-2729, a critical vulnerability in Oracle WebLogic Server. This is the second vulnerability in Oracle WebLogic Server that has been patched in an out-of-band advisory in the last two months. The first was CVE-2019-2725, which was reported as a zero-day on April 17, 2019 and patched on April 26, 2019. Similarly, CVE-2019-2729 has been observed in the wild by researchers from the KnownSec 404 Team.

For more information, including patch availability, please visit our blog.