CVE-2018-2628

CISA description

Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.

Required action

Apply updates per vendor instructions.

Notes & references

• https://www.oracle.com/security-alerts/cpuapr2018.html
• https://nvd.nist.gov/vuln/detail/CVE-2018-2628

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

• RA-5 · Vulnerability Monitoring and Scanning
• SI-2 · Flaw Remediation
• CM-6 · Configuration Settings
• SI-7 · Software, Firmware, and Information Integrity
• CM-8 · System Component Inventory

External lookups

• NVD · CVE-2018-2628
• CVE.org · CVE-2018-2628
• CISA KEV catalog (canonical)