Security News > 2020 > October > Oracle WebLogic Server RCE Flaw Under Active Attack
2020-10-29 14:49
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.
If an organization hasn't updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: "Assume it has been compromised."
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.
In May 2020, Oracle urged customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack.
In June 2019, Oracle said that a critical remote code execution flaw in its WebLogic Server was being actively exploited in the wild.
News URL
https://threatpost.com/oracle-weblogic-server-rce-flaw-attack/160723/
Related news
- Oracle WebLogic Server OS Command Injection Flaw Under Active Attack (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)
- Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (source)
- New attack leaks VPN traffic using rogue DHCP servers (source)
- MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks (source)
- 7-year-old Oracle WebLogic bug under active exploitation (source)
- TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers (source)
- Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) (source)
- Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 10.0 |