A remote code execution vulnerability (CVE-2019-2725) was found in WebLogic server, a component of Oracle Fusion Middleware. The vulnerability can be exploited by anyone with an http access to the server because it does not need a username and password.

Successful exploitation of the vulnerability allows an attacker to make the vulnerable WebLogic server to download and run Sodinokibi ransomware from his server.

Affected versions:


Patch can be found here : https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html