Oracle Issues Emergency Patch for Remote Code Execution Vulnerability in Oracle WebLogic Server

https://gbhackers.com/oracle-emergency-patch/

IT giant Oracle, on 1st November 2020, released a Security Alert Advisory, CVE-2020-14750, relating to a remote code execution vulnerability in Oracle WebLogic Server. Oracle WebLogic Server is a Java EE application server. The most recent version is WebLogic Server 14c (14.1.1), released on March 30, 2020.

Security Alert Advisory

The Security Alert addresses a vulnerability related to CVE-2020-14882, which was resolved in the October 2020 Critical Patch Update and was remotely exploitable with no authentication. Oracle strongly suggests that users apply the updates at the earliest opportunity.

Affected products

The affected product is Oracle WebLogic Server, in the following versions:

10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

See the risk matrix provided by Oracle, which helps in understanding the supported versions.

Security alerts: Applicable Product and Version

The Cybersecurity and Infrastructure Security Agency (CISA) likewise released an alert on 2nd November 2020, drawing users' attention to this patch.

Product releases that are not under Premier Support or Extended Support are not evaluated for the presence of the vulnerabilities addressed by this Security Alert. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities.

“Oracle has actually launched an out-of-band security alert to resolve a remote code execution vulnerability – CVE-2020-14750 – in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an afflicted system.” – CISA

A quick search on Spyse, a cybersecurity search engine, shows that there are approximately 3000+ Oracle WebLogic Servers accessible over the public internet that are susceptible to CVE-2020-14882.

The patches recommended in the Oracle Security Alert apply to all product versions covered under the Premier Support or Extended Support phase of the Lifetime Support Policy.

Attention to the Security Alert

The attackers have certainly resorted to tricks instead of treats this frightening Halloween!
