Oracle has urgently released a patch for a vulnerability in Oracle WebLogic Server that is already being actively exploited. A closely related vulnerability was identified in the same software a few days ago.

Oracle Corporation issued this out-of-band patch for the critical vulnerability because active exploitation of the flaw in Oracle WebLogic Server had begun. The vulnerability is tracked as CVE-2020-14750 and is present in many versions of WebLogic Server.

WebLogic Server is mainly used as a platform for developing, testing, deploying and running enterprise software (for example, in Java), most often in local and cloud environments, so the risk of this vulnerability being exploited is quite high.

According to Oracle, the severity is 9.8 out of 10, because the vulnerability allows unauthenticated users to execute arbitrary code and take control of the vulnerable server via an HTTP request.

Oracle does not provide technical details. Nevertheless, Oracle does state that this vulnerability is related to the preceding patch in the October 2020 release: the earlier bug, CVE-2020-14882, also allowed an unauthenticated user to execute arbitrary code remotely, compromising the system with a specially crafted HTTP GET request. Both vulnerabilities affect Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

Oracle Corporation urges its users to update to the latest (patched) version of WebLogic Server as soon as possible. Given how actively these bugs are being used in cybercriminal attacks, a delay in updating can cause significant financial and reputational losses for server operators.
