Quick Hits

Oracle Issues Out-of-Band Update for Remote-Access Vulnerability

The exploit could give an attacker complete control of vulnerable WebLogic servers.

Oracle has issued an out-of-band update for a CVE with a CVSS score of 9.8, the second such CVE in a matter of days. The new update addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. A successful attack would allow an unauthorized user to take complete control of the server.


According to the post announcing the update, CVE-2020-14750 is related to CVE-2020-14882, which the company addressed in its October 2020 Critical Patch Update. The vulnerabilities are considered highly critical because they are simple and can be exploited remotely without authentication: no user name or password is required.

According to Johannes Ullrich of the SANS Institute, "All IPv4 addresses have been scanned for this vulnerability. If you find a vulnerable server in your network: Assume it has been compromised." Oracle has recommended that customers with vulnerable WebLogic servers apply the update immediately.
