CVE-2019-2725 is a Remote Code Execution (RCE) vulnerability in Oracle WebLogic Server, which was assigned a CVSSv3 severity score of 9.8 out of 10. The vulnerability affects versions 10.3.6.0.0 and 12.1.3.0.0 of the software.
This vulnerability occurs due to improper input validation of the XML data in the WLS Security component. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable WebLogic Server. Successful exploitation of this vulnerability could result in an attacker executing arbitrary code on the targeted system with the privileges of the WebLogic server process.
This vulnerability occurs due to improper input validation of the XML data in the WLS Security component. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable WebLogic Server. Successful exploitation of this vulnerability could result in an attacker executing arbitrary code on the targeted system with the privileges of the WebLogic server process.
