Skip to ContentSkip to Footer
IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
News

Oracle releases emergency WebLogic Server patch to fix RCE flaw

The vulnerability could enable hackers to remotely exploit the server without any user interaction

by: Rene Millman
3 Nov 2020
Oracle building with blue sky in the background

Shutterstock

Oracle has been forced to issue an out-of-band patch to fix a critical remote code execution (RCE) flaw affecting multiple Oracle WebLogic Server versions.

The vulnerability, tracked as CVE-2020-14750, could enable hackers to remotely exploit the server via a HTTP GET through the server's console component, without any user interaction and may be exploited over a network without the need for a username and password.

"Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible,” Oracle explained in an https://www.oracle.com/security-alerts/alert-cve-2020-14750.html advisory.

The advisory said that the supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

Proof-of-concept code that could exploit the bug was made public on GitHub. According to security firm Spyse, around 3,300 WebLogic servers are exposed at the moment and could be vulnerable to the flaw.

In a blog post, Eric Maurice, director of Security Assurance at Oracle, shared a link to help users harden affected servers.

He also said that the vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. That particular flaw could enable hackers network access via HTTP to achieve total compromise and takeover of vulnerable Oracle WebLogic Servers.

The US Cybersecurity and Infrastructure Security Agency (CISA) also warned users about the dangers of the vulnerability and encouraged administrators to apply the patch as soon as possible. 

Featured Resources

Big data for finance

How to leverage big data analytics and AI in the finance sector

Free Download

Ten critical factors for cloud analytics success

Cloud-native, intelligent, and automated data management strategies to accelerate time to value and ROI

Free Download

Remove barriers and reconnect with your customers

The $260 billion dollar friction problem businesses don't know they have

Free Download

The future of work is already here. Now’s the time to secure it.

Robust security to protect and enable your business

Free Download

Recommended

Sitecore XP RCE flaw is being actively exploited, ACSC warns
vulnerability

Sitecore XP RCE flaw is being actively exploited, ACSC warns

9 Nov 2021

Most Popular

How to secure your hybrid workforce
Advertisement Feature

How to secure your hybrid workforce

23 Sep 2022
What your hybrid workforce needs from their laptops
Advertisement Feature

What your hybrid workforce needs from their laptops

21 Sep 2022
Why collaboration is key to digital transformation
Sponsored

Why collaboration is key to digital transformation

13 Sep 2022
Skip to HeaderSkip to Content