The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:

	-  An unspecified vulnerability in the jquery component of the        Web Services of Oracle Weblogic Server.  An unauthenticated,        remote attacker can exploit this to gain unauthorized update,        insert, or delete access to some of Oracle WebLogic Server        accessible data. (CVE-2015-9251) 

	-  An unspecified vulnerability in the Web Services component of        Oracle Weblogic Server.  An unauthenticated, remote attacker        unauthorized can exploit this to gain read access to some of        Oracle WebLogic Server accessible data. (CVE-2019-2887)

    -  An unspecified vulnerability in the Web Services component of        Oracle Weblogic Server.  An unauthenticated, remote attacker        can exploit this to gain unauthorized read access to some of        Oracle WebLogic Server accessible data. (CVE-2019-2888)

    -  An unspecified vulnerability in the Web Services component of        Oracle Weblogic Server.  An authenticated, high priviledge        remote attacker can exploit this to compromise        Oracle WebLogic Server. (CVE-2019-2890)

    -  An unspecified vulnerability in the console component of        Oracle Weblogic Server.  An unauthenticated, remote attacker        can exploit this to compromise Oracle WebLogic Server.        (CVE-2019-2891)

    -  An unspecified vulnerability in the SOAP with Attachments API        for Java component of Oracle Weblogic Server.  An        unauthenticated, remote attacker can exploit this to gain        unauthorized update, insert, or delete access to some of        Oracle Web Services accessible data as well as unauthorized        read access to a subset of Oracle Web Services accessible        data. (CVE-2019-2907)        
    -  An unspecified vulnerability in the ADF Faces jQuery component        of Oracle Weblogic Server.  An unauthenticated, remote        attacker can exploit this to compromise Oracle        JDeveloper and ADF resulting in an unauthorized update,        insert, or delete access to some of OracleJDeveloper & ADF        accessible data as well as unauthorized read access to a        subset of Oracle JDeveloper & ADF accessible data.        (CVE-2019-11358)

    -  An unspecified vulnerability in the Web Container jQuery        component of Oracle Weblogic Server.  An unauthenticated,        remote attacker can exploit this to compromise        Oracle Service Bus resulting in an unauthorized update,        insert, or delete access to some of Service Bus data as well        as unauthorized read access to a subset of Oracle Service Bus        accessible data. (CVE-2019-11358)

    -  An unspecified vulnerability in the console jQuery component        of Oracle Weblogic Server.  An unauthenticated, remote        attacker can exploit this to compromise Oracle        WebLogic Server resulting in an unauthorized update, insert,        or delete access to some of Oracle WebLogic Server data as        well as unauthorized read access to a subset of Oracle        WebLogic Server accessible data. (CVE-2019-11358)

    -  An unspecified vulnerability in the Web Container Faces jQuery        component of Oracle Weblogic Server.  An unauthenticated,        remote attacker can exploit this to compromise        Oracle Service Bus resulting in an unauthorized update,        insert, or delete access to some of Oracle WebLogic Server        data as well as unauthorized read access to a subset of Oracle        WebLogic Server accessible data. (CVE-2019-17091)

Detections

Analytics

Oracle WebLogic Server Multiple Vulnerabilities (Oct 2019 CPU)

high Nessus Plugin ID 130012

Version 1.11

Version 1.10

Version 1.9

Version 1.11 Apr 17, 2024, 3:38 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202404171538
Version 1.10 Dec 12, 2023, 5:15 PM Detection Plugin Feed: 202312121715
Version 1.9 Dec 6, 2022, 2:54 AM Reference Plugin Feed: 202212060254