CVE-2015-4852 - Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
Project:Oracle
Product:WebLogic Server
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
Description
Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-4852