Apache Struts 2
The Apache Struts 2 vulnerability may impact you. Proof of concept code has been released on gethub and is actively being discussed in underground forums. No plugins are needed for this exploit. All the attacker needs is put together a url that will give access to the Apache Struts installation.
CVE-2018-11776
Discovered by https://www.recordedfuture.com/
Here is a list of potential Oracle products that could be vulnerable. (this list is not exhaustive and I have not had time to validate every entry on this list)
This vulnerability was discovered August 22, 2018, and I have not been able to find a patch for it. Please do your research, if you are using Apache Struts 2, then keep a close eye for the patch, and once the patch is released, install it.
| MySQL Enterprise Monitor, versions 3.2.8.2223 and prior, 3.3.4.3247 and prior, 3.4.2.4181 and prior |
| Oracle Communications Policy Management, versions 11.5, 12.x |
| Oracle FLEXCUBE Private Banking, versions 2.0, 2.1, 2.2, 3.0, 12.0, 12.0.1, 12.0.2, 12.0.3, 12.1 |
| Oracle Financial Services Analytical Applications Infrastructure, versions 7.2, 7.3 |
| Oracle Financial Services Analytical Applications Reconciliation Framework, versions 3.5, 3.5.1, 8.0.0 to 8.0.4 |
| Oracle Financial Services Asset Liability Management, versions 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5 |
| Oracle Financial Services Basel Regulatory Capital Basic, versions 8.0.0 to 8.0.4 |
| Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, versions 8.0.0 to 8.0.4 |
| Oracle Financial Services Data Foundation, versions 7.3.0, 7.4.0, 8.0.0 to 8.0.5 |
| Oracle Financial Services Data Integration Hub, versions 8.0.1 to 8.0.4 |
| Oracle Financial Services Enterprise Financial Performance Analytics, versions 8.0.0 to 8.0.5 |
| Oracle Financial Services Funds Transfer Pricing, versions 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5 |
| Oracle Financial Services Hedge Management and IFRS Valuations, versions 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5 |
| Oracle Financial Services ICAAP Analytics, version 8.0 |
| Oracle Financial Services Institutional Performance Analytics, versions 8.0.0 to 8.0.5 |
| Oracle Financial Services Liquidity Risk Management, versions 8.0.1, 8.0.2, 8.0.4 |
| Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 1.5.0, 1.5.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5 |
| Oracle Financial Services Pricing Management, Transfer Pricing Component / Oracle Financial Services Price Creation and Discovery, versions 8.0.0 to 8.0.5 |
| Oracle Financial Services Profitability Management, versions 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5 |
| Oracle Financial Services Retail Customer Analytics, versions 8.0.0 to 8.0.5 |
| Oracle Financial Services Retail Performance Analytics, versions 8.0.0 to 8.0.5 |
| Oracle Insurance Data Foundation, versions 8.0.0 to 8.0.5 |
| Oracle Insurance Performance Insight for General Insurance, version 8.0 |
| Oracle Retail XBRi Loss Prevention, versions 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1 |
| Siebel Applications, versions 6.1, 6.2, 7.1 |
| WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2, 12.2.1.3 |
