
Oracle issued an out-of-band security update to address a critical remote code execution vulnerability impacting multiple Oracle WebLogic Server versions.



The vulnerability is tracked as CVE-2020-14750 and has a severity score of 9.8 out of a maximum rating of 10.

The security advisory credits 20 organisations and people who discovered the issue and provided information that allowed the company to address CVE-2020-14750.

The vulnerability could be exploited by unauthenticated attackers via HTTP, without user interaction, in low-complexity attacks that could potentially take over targeted servers.

“It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password,” states the advisory published by Oracle.

The Oracle WebLogic Server versions affected by CVE-2020-14750 are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

Oracle strongly recommends that customers apply the updates immediately because of the severity of the flaw and the publication of exploit code on various sites.

Eric Maurice, Director of Security Assurance at Oracle, also shared a link to WebLogic Server hardening instructions in a blog post published on Sunday that urged customers to apply the out-of-band security update.

The Cybersecurity and Infrastructure Security Agency (CISA) also published an alert on the vulnerability, advising users and administrators to apply the security update.

The advisory states that this vulnerability is related to CVE-2020-14882, a flaw with a 9.8 severity score that was addressed in the October 2020 Critical Patch Update.
