Published threat advisories for April 26, 2019

A vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access to potentially take over affected servers. This poses a business risk to organizations that use this Oracle component for their applications and services. Exploitation could lead to unauthorized control of critical systems.

NVD published: April 26, 2019 • CISA KEV

An authenticated attacker could exploit a command injection vulnerability in the Pulse Secure admin interface. This could allow for unauthorized command execution, potentially impacting systems and data. The risk to organizations with externally facing Pulse Secure devices is considerable, requiring prompt attention.

NVD published: April 26, 2019 • CISA KEV