Oracle Security Alert for CVE-2019-2729 was released on June 18, 2019. Oracle strongly recommends that customers follow the recommended actions in the Security Alert.

This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

The Security Alert Advisory is the starting point for all relevant information. It includes a summary of the security vulnerability, and a pointer to obtain the latest patches. Supported products that are not listed in the “Affected Products and Versions” section of the advisory do not require new patches to be applied.

Also, it is essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

Check out the important documents below:

• Oracle Security Alert for CVE-2019-2729
• Oracle Critical Patch Updates and Security Alerts