CVE-2015-4852
Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
CVSS
—
No CVSS
EPSS
96.0%
p100
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
96.0%EPSS · 30 days96.0%
2026-06-302026-07-16
Product
Oracle / WebLogic Server
Vulnerability
Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-4852
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2020-14882—100.0%
KEV—80Oracle WebLogic Server Remote Code Execution Vulnerability—CVE-2017-10271—100.0%
KEV—80Oracle Corporation WebLogic Server Remote Code Execution Vulnerability—CVE-2019-2725—100.0%
KEV—80Oracle WebLogic Server, Injection—CVE-2023-21839—100.0%
KEV—80Oracle WebLogic Server Unspecified Vulnerability—CVE-2020-14750—99.9%
KEV—80Oracle WebLogic Server Remote Code Execution Vulnerability—CVE-2018-2628—99.9%
KEV—80Oracle WebLogic Server Unspecified Vulnerability—