Security News > 2020 > October > Oracle WebLogic Server RCE Flaw Under Active Attack
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.
If an organization hasn't updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: "Assume it has been compromised."
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.
In May 2020, Oracle urged customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack.
In June 2019, Oracle said that a critical remote code execution flaw in its WebLogic Server was being actively exploited in the wild.
News URL
https://threatpost.com/oracle-weblogic-server-rce-flaw-attack/160723/
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Oracle warns of Agile PLM file disclosure flaw exploited in attacks (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 0.0 |