My Oracle Support Banner

Additional Information About the Oracle WebLogic Server Vulnerability CVE-2018-2628 (Doc ID 2395745.1)

Last updated on FEBRUARY 03, 2020

Applies to:

Oracle WebLogic Server - Version 10.3.6 to 12.2.1.3.0
Information in this document applies to any platform.

Purpose

The April 2018 Critical Patch Update provided patches for a number of security vulnerabilities, including vulnerability CVE-2018-2628 which affects various versions of Oracle WebLogic Server. Customers should refer to the Critical Patch Update Advisory to get more information about this vulnerability.

A number of security researchers have since claimed that the mitigation for vulnerability CVE-2018-2628 provided in the April 2018 Critical Patch Updated was incomplete.

Scope

 Oracle WebLogic Server versions 10.3.6-12.2.1.3.0

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.