Security News > 2020 > November > Oracle Issues Out-of-Band Update for Critical Vulnerability Exploited in Attacks
Oracle has released an out-of-band security alert for a critical remote code execution vulnerability affecting WebLogic Server.
"This Security Alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. [] It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," Oracle notes in its advisory.
"The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system," Czech vulnerability intelligence company Cybersecurity Help says.
In its advisory, Oracle credited 20 researchers/organizations for reporting the vulnerability.
"Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible," Oracle notes.
News URL
Related news
- FortiManager critical vulnerability under active attack (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-14750 | Unspecified vulnerability in Oracle Fusion Middleware Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 9.8 |