Security News > 2020 > October > Oracle WebLogic Server RCE Flaw Under Active Attack
2020-10-29 14:49
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.
If an organization hasn't updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: "Assume it has been compromised."
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.
In May 2020, Oracle urged customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack.
In June 2019, Oracle said that a critical remote code execution flaw in its WebLogic Server was being actively exploited in the wild.
News URL
https://threatpost.com/oracle-weblogic-server-rce-flaw-attack/160723/
Related news
- Samsung MagicINFO 9 Server RCE flaw now exploited in attacks (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Hitachi Vantara takes servers offline after Akira ransomware attack (source)
- Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil (source)
- Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 0.0 |