Security News > 2020 > October > Oracle WebLogic Server RCE Flaw Under Active Attack
2020-10-29 14:49
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.
If an organization hasn't updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: "Assume it has been compromised."
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.
In May 2020, Oracle urged customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack.
In June 2019, Oracle said that a critical remote code execution flaw in its WebLogic Server was being actively exploited in the wild.
News URL
https://threatpost.com/oracle-weblogic-server-rce-flaw-attack/160723/
Related news
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 9.8 |