Security News > 2020 > November > Oracle issues emergency patch for critical WebLogic Server flaw

Oracle issues emergency patch for critical WebLogic Server flaw
2020-11-02 14:06

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution vulnerability impacting multiple Oracle WebLogic Server versions.

Supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

Oracle released an out-of-band security alert to address a vulnerability-CVE-2020-14750-in Oracle WebLogic Server.

Oracle also says that the vulnerability is related to CVE-2020-14882, another 9.8 out of 10 critical WebLogic Server flaw that was addressed in the October 2020 Critical Patch Update, two weeks ago.

As BleepingComputer reported on Thursday, threat actors started scanning for exposed and vulnerable Oracle WebLogic instances to CVE-2020-14882 exploits one week after it was during this month's Critical Patch Update according to the SANS Technology Institute.


News URL

https://www.bleepingcomputer.com/news/security/oracle-issues-emergency-patch-for-critical-weblogic-server-flaw/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-11-02 CVE-2020-14750 Unspecified vulnerability in Oracle Fusion Middleware
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
network
low complexity
oracle
critical
 9.8
9.8
2020-10-21 CVE-2020-14882 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
network
low complexity
oracle
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 781 388 3148 2078 432 6046