Oracle Issues Out-of-Band Update for Remote-Access VulnerabilityOracle Issues Out-of-Band Update for Remote-Access Vulnerability
The exploit could give an attacker complete control of vulnerable WebLogic servers.
November 4, 2020
Oracle has issued an out-of-band update for a CVE with a CVSS score of 9.8 - the second such CVE in a matter of days. The new update addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. A successful attack would allow an unauthorized user complete control of the server.
According to the post announcing the update, CVE-2020-14750 is related to CVE-2020-14882, which the company addressed in its October 2020 Critical Patch Update. The vulnerabilities are considered to be highly critical because they are simple, and can be exploited remotely and without authentication: no user name or password required.
According to Johannes Ullrich of the SANS Institute, "All IPv4 addresses have been scanned for this vulnerability. If you find a vulnerable server in your network: Assume it has been compromised." Oracle has recommended that customers with vulnerable WebLogic servers apply the update immediately.
For more, read here.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks