[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2015-4852":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":90,"duplicate_of":9,"upstream":91,"downstream":92,"duplicates":101,"related":102,"reserved_at":9,"published_at":105,"modified_at":106,"state":107,"summary":108,"references_raw":116,"kevs":196,"epss":207,"epss_history":210,"metrics":410,"affected":421},"CVE-2015-4852","The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-586","Object Injection",[],[25,34,39,52,64,72],{"_key":26,"name":27,"source":28,"url":29,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":33,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_AB2497940E780EA0","Exploit Reference (foxglovesecurity.com)","reference","http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/","unknown",0.2,false,[],{"_key":35,"name":36,"source":28,"url":37,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":38,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_91745F3D77F1DDE8","Exploit Reference 
(packetstormsecurity.com)","http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html",[],{"_key":40,"name":41,"source":42,"url":43,"maturity":44,"reliability_score":45,"verified":32,"type":46,"platforms":47,"requires_auth":9,"exploitdb":49,"metasploit":9},"42806","Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution","exploit-database","https://www.exploit-db.com/exploits/42806","poc",0.5,"remote",[48],"java",{"verified":32,"type":46,"platform":48,"file":50,"codes":51},"exploits/java/remote/42806.py",[7],{"_key":53,"name":54,"source":42,"url":55,"maturity":56,"reliability_score":57,"verified":58,"type":46,"platforms":59,"requires_auth":9,"exploitdb":61,"metasploit":9},"46628","Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)","https://www.exploit-db.com/exploits/46628","weaponized",0.8,true,[60],"multiple",{"verified":58,"type":46,"platform":60,"file":62,"codes":63},"exploits/multiple/remote/46628.rb",[7],{"_key":65,"name":66,"source":42,"url":67,"maturity":44,"reliability_score":45,"verified":32,"type":46,"platforms":68,"requires_auth":9,"exploitdb":69,"metasploit":9},"44552","Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution","https://www.exploit-db.com/exploits/44552",[60],{"verified":32,"type":46,"platform":60,"file":70,"codes":71},"exploits/multiple/remote/44552.sh",[7],{"_key":73,"name":74,"source":75,"url":76,"maturity":56,"reliability_score":77,"verified":58,"type":46,"platforms":78,"requires_auth":32,"exploitdb":9,"metasploit":79},"MSF_EXPLOIT_MULTI_MISC_WEBLOGIC_DESERIALIZE_RAWOBJECT","Oracle Weblogic Server Deserialization RCE - Raw 
Object","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/multi/misc/weblogic_deserialize_rawobject.rb",1,[],{"fullname":80,"rank":81,"rank_name":82,"post_auth":32,"check":32,"notes":83},"exploit/multi/misc/weblogic_deserialize_rawobject",600,"excellent",{"Stability":84,"SideEffects":86,"Reliability":88},[85],"crash-safe",[87],"ioc-in-logs",[89],"repeatable-session",[],[],[93,95,97,99],{"_key":94},"SUSE-SU-2025:02056-1",{"_key":96},"USN-6936-1",{"_key":98},"OPENSUSE-SU-2024:10617-1",{"_key":100},"UBUNTU-CVE-2015-4852",[],[103,104],{"_key":94},{"_key":98},"2015-11-18T15:00:00.000Z","2025-10-21T23:55:57.062Z","Analyzed",{"cisa_kev":58,"cisa_ransomware":32,"cisa_vendor":109,"epss_severity":110,"epss_score":111,"severity":110,"severity_score":112,"severity_version":113,"severity_source":114,"severity_vector":115,"severity_status":107},"Oracle","critical",0.92947,9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[117,125,129,133,137,143,147,152,158,163,167,174,180,183,186,190],{"url":118,"sources":119,"tags":121},"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",[114,120],"nvd",[122,123,124],"X Refsource CONFIRM","Patch","Vendor Advisory",{"url":126,"sources":127,"tags":128},"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",[114,120],[122,123],{"url":130,"sources":131,"tags":132},"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",[114,120],[122,123,124],{"url":134,"sources":135,"tags":136},"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",[114,120],[122,123,124],{"url":138,"sources":139,"tags":140},"https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py",[114,120],[141,142],"X Refsource 
MISC","Product",{"url":144,"sources":145,"tags":146},"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",[114,120],[122,123,124],{"url":148,"sources":149,"tags":150},"https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852",[114,120],[122,151],"Broken Link",{"url":153,"sources":154,"tags":155},"http://www.securitytracker.com/id/1038292",[114,120],[156,157,151],"VDB Entry","X Refsource SECTRACK",{"url":159,"sources":160,"tags":161},"http://www.securityfocus.com/bid/77539",[114,120],[156,162,151],"X Refsource BID",{"url":164,"sources":165,"tags":166},"http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html",[114,120],[122,124],{"url":168,"sources":169,"tags":170},"http://www.openwall.com/lists/oss-security/2015/11/17/19",[114,120],[171,172,173],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":175,"sources":176,"tags":177},"https://www.exploit-db.com/exploits/42806/",[114,120],[178,179,173,156],"Exploit","X Refsource EXPLOIT DB",{"url":29,"sources":181,"tags":182},[114,120],[141,178],{"url":37,"sources":184,"tags":185},[114,120],[141,178,173,156],{"url":187,"sources":188,"tags":189},"https://www.exploit-db.com/exploits/46628/",[114,120],[178,179,173,156],{"url":191,"sources":192,"tags":193},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4852",[114,120],[194,195],"Government Resource","US Government Resource",[197],{"source":198,"vendor":109,"product":199,"date_added":200,"vulnerability_name":201,"short_description":202,"required_action":203,"due_date":204,"known_ransomware_campaign_use":205,"notes":206,"exploitation_type":9},"cisa","WebLogic Server","2021-11-03","Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability","Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for remote code execution.","Apply updates per vendor 
instructions.","2022-05-03","Unknown","https://nvd.nist.gov/vuln/detail/CVE-2015-4852",{"date":208,"score":111,"percentile":209},"2026-06-04",0.99783,[211,215,217,219,222,224,226,229,231,233,235,237,239,241,245,248,250,253,256,258,261,263,265,267,269,271,273,275,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,309,311,315,317,321,324,326,328,330,332,334,336,338,340,342,344,347,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,402,404,406,408],{"date":212,"score":213,"percentile":214},"2025-11-04",0.92644,0.99734,{"date":216,"score":213,"percentile":214},"2025-11-05",{"date":218,"score":213,"percentile":214},"2025-11-06",{"date":220,"score":213,"percentile":221},"2025-11-07",0.99732,{"date":223,"score":213,"percentile":221},"2025-11-08",{"date":225,"score":213,"percentile":221},"2025-11-09",{"date":227,"score":213,"percentile":228},"2025-11-10",0.99733,{"date":230,"score":213,"percentile":221},"2025-11-11",{"date":232,"score":213,"percentile":221},"2025-11-12",{"date":234,"score":213,"percentile":228},"2025-11-13",{"date":236,"score":213,"percentile":221},"2025-11-14",{"date":238,"score":213,"percentile":228},"2025-11-15",{"date":240,"score":213,"percentile":228},"2025-11-16",{"date":242,"score":243,"percentile":244},"2025-11-17",0.92463,0.99717,{"date":246,"score":243,"percentile":247},"2025-11-18",0.99796,{"date":249,"score":243,"percentile":247},"2025-11-19",{"date":251,"score":243,"percentile":252},"2025-11-20",0.99795,{"date":254,"score":243,"percentile":255},"2025-11-21",0.99715,{"date":257,"score":243,"percentile":255},"2025-11-22",{"date":259,"score":243,"percentile":260},"2025-11-23",0.99716,{"date":262,"score":243,"percentile":260},"2025-11-24",{"date":264,"score":243,"percentile":255},"2025-11-25",{"date":266,"score":243,"percentile":255},"2025-11-26",{"date":268,"score":243,"percentile":255},"2025-11-27",{"date":270,"score":243,"percentile":255},"2025-11-28",{"date":272,"score":243,"percenti
le":255},"2025-11-29",{"date":274,"score":243,"percentile":255},"2025-11-30",{"date":276,"score":243,"percentile":277},"2025-12-01",0.99723,{"date":279,"score":243,"percentile":277},"2025-12-02",{"date":281,"score":243,"percentile":277},"2025-12-03",{"date":283,"score":243,"percentile":255},"2025-12-04",{"date":285,"score":243,"percentile":260},"2025-12-05",{"date":287,"score":243,"percentile":260},"2025-12-06",{"date":289,"score":243,"percentile":244},"2025-12-07",{"date":291,"score":243,"percentile":260},"2025-12-08",{"date":293,"score":243,"percentile":260},"2025-12-09",{"date":295,"score":243,"percentile":244},"2025-12-10",{"date":297,"score":243,"percentile":244},"2025-12-11",{"date":299,"score":243,"percentile":260},"2025-12-12",{"date":301,"score":243,"percentile":244},"2025-12-13",{"date":303,"score":243,"percentile":244},"2025-12-14",{"date":305,"score":243,"percentile":244},"2025-12-15",{"date":307,"score":243,"percentile":308},"2025-12-16",0.99718,{"date":310,"score":243,"percentile":244},"2025-12-17",{"date":312,"score":313,"percentile":314},"2025-12-18",0.93276,0.99792,{"date":316,"score":313,"percentile":314},"2025-12-19",{"date":318,"score":319,"percentile":320},"2025-12-20",0.92503,0.9972,{"date":322,"score":319,"percentile":323},"2025-12-21",0.99719,{"date":325,"score":319,"percentile":320},"2025-12-22",{"date":327,"score":319,"percentile":320},"2025-12-23",{"date":329,"score":319,"percentile":320},"2025-12-24",{"date":331,"score":319,"percentile":320},"2025-12-25",{"date":333,"score":319,"percentile":320},"2025-12-26",{"date":335,"score":319,"percentile":323},"2025-12-27",{"date":337,"score":319,"percentile":323},"2025-12-28",{"date":339,"score":319,"percentile":323},"2025-12-29",{"date":341,"score":319,"percentile":323},"2025-12-30",{"date":343,"score":319,"percentile":323},"2025-12-31",{"date":345,"score":319,"percentile":346},"2026-01-01",0.99729,{"date":348,"score":319,"percentile":349},"2026-01-02",0.9973,{"date":351,"score":319,"percentile":3
46},"2026-01-03",{"date":353,"score":319,"percentile":320},"2026-01-04",{"date":355,"score":319,"percentile":320},"2026-01-05",{"date":357,"score":319,"percentile":320},"2026-01-06",{"date":359,"score":243,"percentile":260},"2026-01-07",{"date":361,"score":243,"percentile":260},"2026-01-08",{"date":363,"score":243,"percentile":260},"2026-01-09",{"date":365,"score":243,"percentile":260},"2026-01-10",{"date":367,"score":243,"percentile":255},"2026-01-11",{"date":369,"score":243,"percentile":255},"2026-01-12",{"date":371,"score":243,"percentile":260},"2026-01-13",{"date":373,"score":243,"percentile":244},"2026-01-14",{"date":375,"score":243,"percentile":308},"2026-01-15",{"date":377,"score":243,"percentile":308},"2026-01-16",{"date":379,"score":243,"percentile":323},"2026-01-17",{"date":381,"score":243,"percentile":308},"2026-01-18",{"date":383,"score":243,"percentile":308},"2026-01-19",{"date":385,"score":243,"percentile":308},"2026-01-20",{"date":387,"score":243,"percentile":308},"2026-01-21",{"date":389,"score":243,"percentile":308},"2026-01-22",{"date":391,"score":243,"percentile":308},"2026-01-23",{"date":393,"score":243,"percentile":323},"2026-01-24",{"date":395,"score":243,"percentile":323},"2026-01-25",{"date":397,"score":243,"percentile":323},"2026-01-26",{"date":399,"score":243,"percentile":323},"2026-01-27",{"date":401,"score":243,"percentile":323},"2026-01-28",{"date":403,"score":243,"percentile":323},"2026-01-29",{"date":405,"score":243,"percentile":323},"2026-01-30",{"date":407,"score":243,"percentile":323},"2026-01-31",{"date":409,"score":243,"percentile":346},"2026-02-01",[411,415],{"source":114,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":412,"cvss_v4_0":9},{"baseScore":112,"baseSeverity":413,"vectorString":115,"impactScore":112,"exploitabilityScore":414},"CRITICAL",10,{"source":120,"cvss_v2_0":416,"cvss_v3_0":9,"cvss_v3_1":420,"cvss_v4_0":9},{"baseScore":417,"baseSeverity":9,"vectorString":418,"impactScore":419,"exploitabilityScore":414},7.5,"AV:N/AC:L/Au:
N/C:P/I:P/A:P",6.4,{"baseScore":112,"baseSeverity":413,"vectorString":115,"impactScore":112,"exploitabilityScore":414},[422,431,439],{"ecosystem":9,"name":423,"vendor":424,"product":425,"cpe_part":426,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":427},"storagetek tape analytics sw tool","oracle","storagetek_tape_analytics_sw_tool","a",[428],{"version":429,"is_range":32,"range_type":430,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.3","cpe",{"ecosystem":9,"name":432,"vendor":424,"product":433,"cpe_part":426,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":434},"virtual desktop infrastructure","virtual_desktop_infrastructure",[435],{"version":436,"is_range":58,"range_type":430,"version_start":9,"version_start_type":9,"version_end":437,"version_end_type":438,"fixed_in":9},"lte3.5.2","3.5.2","including",{"ecosystem":9,"name":199,"vendor":9,"product":199,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":440},[441,443,445,447],{"version":442,"is_range":32,"range_type":430,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.3.6.0.0",{"version":444,"is_range":32,"range_type":430,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.1.2.0.0",{"version":446,"is_range":32,"range_type":430,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.1.3.0.0",{"version":448,"is_range":32,"range_type":430,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.2.1.0.0"]