Oracle has issued a security advisory over a vulnerability via XMLDecoder in Oracle's WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and issued out-of-band security patches.

This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

You can pick up the patch details on the link here
[oracle.com...]