Security News > 2020 > October > Oracle WebLogic Server RCE Flaw Under Active Attack
2020-10-29 14:49
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.
If an organization hasn't updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: "Assume it has been compromised."
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.
In May 2020, Oracle urged customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack.
In June 2019, Oracle said that a critical remote code execution flaw in its WebLogic Server was being actively exploited in the wild.
News URL
https://threatpost.com/oracle-weblogic-server-rce-flaw-attack/160723/
Related news
- Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 0.0 |