The vulnerability is a remote exploitable deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. The issue was independently reported to Oracle by many security researchers. A remote attacker could exploit the CVE-2019-2729 flaw without authentication without the need for a username and password. Oracle urges its users to apply the necessary patches and also the latest Critical Patch Update (CPU) It received a CVSS score of 9.8.0.0, 12.1.2.0 and 12.3.0.”]
Source: https://securityaffairs.co/wordpress/87327/hacking/weblogic-rce-cve-2019-2729.html