CVE-2018-2628

KEV EPSS 94.42% · P100 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-2628

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Oracle Fusion Middleware 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Oracle WebLogic Server是美国甲骨文（Oracle）公司的一款适用于云环境和传统环境的应用服务器，它提供了一个现代轻型开发平台，支持应用从开发到生产的整个生命周期管理，并简化了应用的部署和管理。WLS Core是其中的一个核心组件。 Oracle WebLogic Server中的WLS核心组件存在远程代码执行漏洞。攻击者可通过远程发送攻击数据，借助T3协议在WebLogic Server中执行反序列化操作利用该漏洞执行代码。以下版本受到影响：Oracle WebLogic Serve

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Oracle Corporation	WebLogic Server	10.3.6.0	-

II. Public POCs for CVE-2018-2628

#	POC Description	Source Link	Shenlong Link
1	CVE-2018-2628	https://github.com/forlin/CVE-2018-2628	POC Details
2	CVE-2018-2628 & CVE-2018-2893	https://github.com/shengqi158/CVE-2018-2628	POC Details
3	CVE-2018-2628	https://github.com/skydarker/CVE-2018-2628	POC Details
4	None	https://github.com/jiansiting/weblogic-cve-2018-2628	POC Details
5	None	https://github.com/zjxzjx/CVE-2018-2628-detect	POC Details
6	WebLogic WLS核心组件反序列化漏洞多线程批量检测脚本 CVE-2018-2628-MultiThreading	https://github.com/aedoo/CVE-2018-2628-MultiThreading	POC Details
7	CVE-2018-2628	https://github.com/victor0013/CVE-2018-2628	POC Details
8	None	https://github.com/9uest/CVE-2018-2628	POC Details
9	None	https://github.com/Shadowshusky/CVE-2018-2628all	POC Details
10	None	https://github.com/shaoshore/CVE-2018-2628	POC Details
11	Some codes for bypassing Oracle WebLogic CVE-2018-2628 patch	https://github.com/tdy218/ysoserial-cve-2018-2628	POC Details
12	None	https://github.com/R0B1NL1N/CVE-2018-2628	POC Details
13	cve-2018-2628 反弹shell	https://github.com/wrysunny/cve-2018-2628	POC Details
14	Weblogic 反序列化漏洞(CVE-2018-2628)	https://github.com/jas502n/CVE-2018-2628	POC Details
15	None	https://github.com/stevenlinfeng/CVE-2018-2628	POC Details
16	None	https://github.com/likescam/CVE-2018-2628	POC Details
17	A remote code execution exploit for WebLogic based on CVE-2018-2628	https://github.com/Nervous/WebLogic-RCE-exploit	POC Details
18	CVE-2018-2628漏洞工具包	https://github.com/Lighird/CVE-2018-2628	POC Details
19	漏洞利用工具	https://github.com/0xMJ/CVE-2018-2628	POC Details
20	漏洞复现	https://github.com/seethen/cve-2018-2628	POC Details
21	None	https://github.com/BabyTeam1024/cve-2018-2628	POC Details
22	weblogic-cve-2018-2628-exp	https://github.com/cscadoge/weblogic-cve-2018-2628	POC Details
23	CVE-2018-2628漏洞工具	https://github.com/Serendipity-Lucky/CVE-2018-2628	POC Details
24	None	https://github.com/likekabin/CVE-2018-2628	POC Details
25	The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 contains an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.	https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2018/CVE-2018-2628.yaml	POC Details
26	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Weblogic%20WLS%20Core%20Components%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2018-2628.md	POC Details
27		https://github.com/vulhub/vulhub/blob/master/weblogic/CVE-2018-2628/README.md	POC Details
28	在python3中运行的脚本	https://github.com/herantong/CVE-2018-2628	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-2628

请登录查看更多情报信息。

https://github.com/brianwrf/CVE-2018-2628x_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://www.exploit-db.com/exploits/46513/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/44553/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/45193/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/103776vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040696vdb-entryx_refsource_SECTRACK
https://nvd.nist.gov/vuln/detail/CVE-2018-2628

Same Patch Batch · Oracle Corporation · 2018-04-19 · 136 CVEs total

CVE-2018-2826		Oracle Java SE 安全漏洞
CVE-2018-2843		Oracle Virtualization VM VirtualBox组件安全漏洞
CVE-2018-2842		Oracle Virtualization VM VirtualBox组件安全漏洞
CVE-2018-2841		Oracle Database Server Java VM组件安全漏洞
CVE-2018-2840		Oracle Retail Applications Retail Xstore Point of Service组件安全漏洞
CVE-2018-2839		Oracle MySQL Server组件安全漏洞
CVE-2018-2838		Oracle PeopleSoft Products PeopleSoft Enterprise PRTL Interaction Hub组件安全漏洞
CVE-2018-2837		Oracle Virtualization VM VirtualBox组件安全漏洞
CVE-2018-2836		Oracle Virtualization VM VirtualBox组件安全漏洞
CVE-2018-2835		Oracle Virtualization VM VirtualBox组件安全漏洞
CVE-2018-2834		Oracle Fusion Middleware Data Visualization Desktop组件安全漏洞
CVE-2018-2833		Oracle Hospitality Applications Hospitality Simphony组件安全漏洞
CVE-2018-2832		Oracle GoldenGate组件安全漏洞
CVE-2018-2830		Oracle Virtualization VM VirtualBox组件安全漏洞
CVE-2018-2829		Oracle Hospitality Applications Hospitality Simphony组件安全漏洞
CVE-2018-2828		Oracle Fusion Middleware WebCenter Content组件安全漏洞
CVE-2018-2827		Oracle Hospitality Applications Hospitality Suite8组件安全漏洞
CVE-2018-2816		Oracle MySQL Server组件安全漏洞
CVE-2018-2814		Oracle Java SE和Java SE Embedded组件安全漏洞
CVE-2018-2815		Oracle Java SE、Java SE Embedded和JRockit组件安全漏洞

Showing top 20 of 136 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: WebLogic Server

Same vendor: Oracle Corporation

V. Comments for CVE-2018-2628

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-2628

I. Basic Information for CVE-2018-2628

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2018-2628

III. Intelligence Information for CVE-2018-2628

Same Patch Batch · Oracle Corporation · 2018-04-19 · 136 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-2628

Leave a comment