CVE-2017-3506: Oracle WebLogic Server OS Command Injection Vulnerability.

Oracle WebLogic Server OS Command Injection Vulnerability. Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.

• CISA KEV-listed (remediation due 2024-06-24)
• EPSS 94.4% (100.0% percentile)

Browse the CVE database

Read the full analysis on IntelFusions