Security News > 2020 > November > Oracle Issues Out-of-Band Update for Critical Vulnerability Exploited in Attacks
Oracle has released an out-of-band security alert for a critical remote code execution vulnerability affecting WebLogic Server.
"This Security Alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. [] It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," Oracle notes in its advisory.
"The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system," Czech vulnerability intelligence company Cybersecurity Help says.
In its advisory, Oracle credited 20 researchers/organizations for reporting the vulnerability.
"Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible," Oracle notes.
News URL
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Critical GitHub Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-14750 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 0.0 |