Thursday, March 28, 2024

Oracle Issues Emergency Patch for Remote Code Execution Vulnerability in Oracle WebLogic Server

IT giant Oracle, on 1st November 2020, issued a Security Alert Advisory, CVE-2020-14750, regarding a remote code execution vulnerability on Oracle WebLogic Server. Oracle WebLogic Server is a Java EE application server. The latest version being WebLogic Server 14c(14.1.1) released on March 30, 2020.

Security Alert Advisory

The Security Alert offers recommendations to the vulnerability which pertains to CVE-2020-14882, addressed in October 2020, Critical Patch Update, which was remotely exploitable without any authentication. Oracle strongly recommends the users to apply the updates at the earliest.

Affected products

The affected product is the Oracle WebLogic Server wherein the following versions are affected:

10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

You may take a look at the risk matrix provided by Oracle which helps to understand the versions supported.

Security alerts: Applicable Product and Version

The patches proposed in the Oracle Security alert is applicable for all the product versions which is covered under the Premier Support or Extended Support phase of the Lifetime Support Policy.

The Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Security Alert. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. 

Attention to the Security Alert

The Cybersecurity and Infrastructure Security Agency (CISA) also published an alert on 2nd November 2020 bringing the attention of users to this patch.

Oracle has released an out-of-band security alert to address a remote code execution vulnerability—CVE-2020-14750—in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system.” – CISA

A quick search on Spyse, a cybersecurity search engine, reveals that there are approximately 3000+ Oracle WebLogic Servers accessible over the public internet and are vulnerable to CVE-2020-14882.

The attackers have definitely resorted to tricks instead of treats, this scary Halloween!!

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Oracle Warns Active Exploitation of Recently Patched WebLogic RCE Flaw

Oracle Critical Patch Update Addresses 405 New Security Vulnerabilities – April 2020

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles