CVE-2017-3506

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document. Vendor/Product: Oracle WebLogic Server. Added to CISA KEV 2024-06-03; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.