Oracle WebLogic Remote Code Execution Vulnerability Exploited


Oracle WebLogic Server is a Java EE application server that is part of Oracle's Fusion Middleware portfolio and supports a variety of popular databases. These servers are often targeted by attackers.

The console component of the WebLogic Server is affected by CVE-2020-14882 and CVE-2020-14883, rated 9.8 out of 10 on the CVSS scale. CVE-2020-14882 may allow unauthenticated attackers with network access via HTTP to achieve total compromise and takeover of vulnerable Oracle WebLogic Servers. CVE-2020-14883 allows a high-privileged attacker with network access via HTTP to compromise the Oracle WebLogic Server.

Oracle WebLogic Affected Versions

10.3.6.0.0

12.1.3.0.0

12.2.1.3.0

12.2.1.4.0

14.1.1.0.0

Users and System Administrators of affected products are advised to install the latest security updates immediately. 

More information is available here:

https://www.oracle.com/security-alerts/cpuoct2020traditional.html

https://nvd.nist.gov/vuln/detail/CVE-2020-14882

https://nvd.nist.gov/vuln/detail/CVE-2020-14883
