CVE-2018-2628 - Oracle WebLogic Server Unspecified Vulnerability

Oracle | WebLogic Server

• Date Added:
• 2022-09-08

• Due Date:
• 2022-09-29

Vulnerability Name

Oracle WebLogic Server Unspecified Vulnerability

Description

Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://www.oracle.com/security-alerts/cpuapr2018.html; https://nvd.nist.gov/vuln/detail/CVE-2018-2628

Top Security News

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

Garmin GPS watches crashing, stuck in triangle 'reboot loop'

Microsoft fixes exploited zero-day (CVE-2024-49138)

DeepSeek Jailbreak Reveals Its Entire System Prompt

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Windows Server 2025 released—here are the new features

Engineering giant Smiths Group discloses security breach

Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter

Common Alerts

MediumHTTP to HTTPS Insecure Transition in Form Post

MediumCSP: style-src unsafe-hashes

InformationalUsername Hash Found

MediumRelative Path Confusion

LowX-Debug-Token Information Leak

MediumHTTP Parameter Override

InformationalInformation Disclosure - Information in Browser localStorage

InformationalBase64 Disclosure

HighServer Side Include

LowCookie No HttpOnly Flag

Latest CVE List

CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability

CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability

CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability

CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-352 Cross-Site Request Forgery (CSRF)

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-1426 Improper Validation of Generative AI Output

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-284 Improper Access Control

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

HighCWE-457 Use of Uninitialized Variable