Oracle patched a Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server. A security researcher, who operates through the Twitter handle @pyn3rd, has now found a way using which attackers can bypass the security patch and exploit the vulnerability once again. It is unclear when Oracle would release a new security update to address this issue that has re-opened CVE-2018-2628 flaw.
Source: https://thehackernews.com/2018/04/oracle-weblogic-rce-exploit.html