Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

Security Advisory for CVE-2019-2729 for Oracle WebLogic

Written By

Brian Suh

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

Oracle has issued a security alert for Oracle WebLogic wherein a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services has been detected. The following resource and information are obtained from Oracle's Tech Network, and is intended for subscribers who use the WebLogic platform for their Liferay environments.

CVE-2019-2729 makes note of a remote code execution vulnerability in which WebLogic servers can be exploited over a network without the need for a username and password.

Affects

Subscribers using Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0

Resolution

Obtain and apply the patch provided by Oracle's Tech Network to ensure that the affected environment is patched for any vulnerabilities. For more information, please visit the Oracle Security Alert page for CVE-2019-2729.

Please be advised that this information is provided as a courtesy from Liferay Support. For additional information and assistance with your WebLogic server, please contact Oracle Support.

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?