Security News > 2020 > November > Oracle issues emergency patch for critical WebLogic Server flaw
Oracle issued an out-of-band security update over the weekend to address a critical remote code execution vulnerability impacting multiple Oracle WebLogic Server versions.
Supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.
Oracle released an out-of-band security alert to address a vulnerability-CVE-2020-14750-in Oracle WebLogic Server.
Oracle also says that the vulnerability is related to CVE-2020-14882, another 9.8 out of 10 critical WebLogic Server flaw that was addressed in the October 2020 Critical Patch Update, two weeks ago.
As BleepingComputer reported on Thursday, threat actors started scanning for exposed and vulnerable Oracle WebLogic instances to CVE-2020-14882 exploits one week after it was during this month's Critical Patch Update according to the SANS Technology Institute.
News URL
Related news
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-02 | CVE-2020-14750 | Unspecified vulnerability in Oracle Fusion Middleware Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 0.0 |
2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 0.0 |