This Security Alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password.
The Security Alert Advisory is the starting point for relevant information. It includes a summary of the security vulnerability and a pointer to obtain the latest patches. Supported products not listed in the ‘Products and Versions affected’ section of the advisory do not require new patches to be applied. It is also essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches, as this is where you can find important related information.
The October 2020 Critical Patch Update fixed 402 vulnerabilities across various product families. Supported versions that are affected are 10.3.6.0.0, 18.104.22.168.0, 22.214.171.124.0, 126.96.36.199.0 and 188.8.131.52.0.
“Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.”
The Cybersecurity and Infrastructure Security Agency (CISA) also published an alert related to the vulnerability that urges users and administrators to apply the security update.
“Oracle has released an out-of-band security alert to address a remote code execution vulnerability—CVE-2020-14750—in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system.” reads the alert. “The Cybersecurity and Infrastructure Security Agency (CISA) urges users and administrators to review the Oracle Security Alert and apply the necessary updates.”