A remote code execution vulnerability (CVE-2019-2725) was found in WebLogic server, a component of Oracle Fusion Middleware. The vulnerability can be exploited by anyone with an http access to the server because it does not need a username and password.
Successful exploitation of the vulnerability allows an attacker to make the vulnerable WebLogic server to download and run Sodinokibi ransomware from his server.
Affected versions:
- 10.3.6.0.0
- 12.1.3.0.0c
Patch can be found here : https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html