Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product |
---|
oracle fusion middleware 12.1.3.0 |
oracle fusion middleware 10.3.6.0 |
oracle fusion middleware 12.2.1.3.0 |
oracle fusion middleware 12.2.1.4.0 |
oracle fusion middleware 14.1.1.0.0 |

D'oh! If only they'd seen bug before issuing those 402 other fixes

If you haven't patched WebLogic server console flaws in the last eight days 'assume it has been compromised'

Oracle has released an emergency patch after a security vulnerability was revealed in its WebLogic middleware last week. The security alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. "This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e. may be exploited over a network without the need for a username and password," Oracle said in a secu...