The exploit could give an attacker complete control of vulnerable WebLogic servers.
Oracle has issued an out-of-band update for a CVE with a CVSS score of 9.8 - the second such CVE in a matter of days. The new update addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. A successful attack would allow an unauthorized user complete control of the server.
According to the post announcing the update, CVE-2020-14750 is related to CVE-2020-14882, which the company addressed in its October 2020 Critical Patch Update. The vulnerabilities are considered to be highly critical because they are simple, and can be exploited remotely and without authentication: no user name or password required.
According to Johannes Ullrich of the SANS Institute, "All IPv4 addresses have been scanned for this vulnerability. If you find a vulnerable server in your network: Assume it has been compromised." Oracle has recommended that customers with vulnerable WebLogic servers apply the update immediately.
For more, read here.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024