The insecure deserialization vulnerability in certain versions of Oracle Weblogic (Server product of Oracle Fusion Middleware) exploited by a remote attacker with network access via IIOP, by sending crafted requests to the server. Successful exploitation will enable an attacker to execute arbitrary codes and eventually result in takeover of Oracle Weblogic server.
Oracle WebLogic Server 10.3.6 Oracle WebLogic Server 12.1.3 Oracle WebLogic Server 12.2.1.3 Oracle WebLogic Server 12.2.1.4
In order to patch this vulnerability, please install the official patch released by Oracle.(https://www.oracle.com/security-alerts/cpujan2020.html)