Security News > 2020 > May > Oracle Says Hackers Targeting Recently Patched Vulnerabilities

Oracle Says Hackers Targeting Recently Patched Vulnerabilities
2020-05-01 14:47

Oracle warned customers on Thursday that threat actors have been spotted attempting to exploit multiple recently patched vulnerabilities, including a critical WebLogic Server flaw tracked as CVE-2020-2883.

Oracle's April 2020 Critical Patch Update resolves nearly 400 vulnerabilities, including CVE-2020-2883, a critical flaw in Oracle WebLogic Server that can be exploited by an unauthenticated attacker for remote code execution.

Oracle has credited several people for independently reporting this vulnerability, including Bui Duong from Viettel Cyber Security, Jang of VNPT ISC, Kaki King, lufei from Qi An Xin Group, and Quynh Le of VNPT ISC. Quynh Le reported his findings to Oracle through Trend Micro's Zero Day Initiative, which recently published advisories describing two variants of CVE-2020-2883 identified by the researcher in February and March.

CVE-2020-2883 is one of the several WebLogic Server vulnerabilities for which a researcher claims to have published proof-of-concept code.

It's not uncommon for malicious actors to exploit Oracle WebLogic vulnerabilities in their attacks, in some cases even before a patch is released by Oracle.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/A2quUqAB5mA/oracle-says-hackers-targeting-recently-patched-vulnerabilities

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-04-15 CVE-2020-2883 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 698 249 2225 1709 366 4549