Is CVE-2019-2888 known to be exploited?

25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Oracle Corporation Weblogic Server

CVE-2019-2888

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: EJB Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthentic…

EPSS: 0.728 (98.8th percentile) — read the EPSS interpretation.

Affected products

Oracle Corporation Weblogic Server — versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0

Public proof-of-concept exploits

jas502n/CVE-2019-2888
0xT11/CVE-POC
0xn0ne/weblogicScanner
20142995/nuclei-templates
ARPSyndicate/cvemon
ASTTeam/XXE
Secdomain/OSWE-Notes
SexyBeast233/SecBooks
aaidanquimby/OSWE-Notes
cyb3r-w0lf/nuclei-template-collection

References

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-2888?: CVE-2019-2888 is a vulnerability in Oracle Corporation Weblogic Server. Published 2019-10-16.
Is CVE-2019-2888 known to be exploited?: 25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.