Oracle WebLogic Server XML External Entity Vulnerability (CVE-2018-3246)

Oracle has addressed several WebLogic Server vulnerabilities this Patch Tuesday. In this post we will discuss one of the critical vulnerbilities, CVE-2018-3246. It’s an XML External Entity (XXE) vulnerability that affects Oracle WebLogic Server versions 12.1.3.0, and 12.2.1.3. Vulnerability Analysis: The vulnerability exists in a component that allows users to upload configuration files in an XML … Continue reading “Oracle WebLogic Server XML External Entity Vulnerability (CVE-2018-3246)”