All versions of Oracle Weblogic are vulnerable to a remote code execution flaw. There is currently no CVE number attached to the flaw, but Oracle has been alerted, and it is being tracked by the following identifier: CNVD-C-2019-48814. There are tens of thousands of Weblogic servers across the world with the majority being in the US and China. These servers can be attractive to attackers because they allow them access to resources that they can use for covert crypto-mining. Server administrators are urged to delete wls9_async_response.war, wls-wsat.war and restart the Weblogic service. Another option is to prevent access to the /_async/* and /wls-wsat/* URL paths with access policy control.