CVE-2020-14882

critical

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

From the Tenable Blog

CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild

Published: 2020-10-29

A remote code execution vulnerability in Oracle WebLogic Server has been actively exploited in the wild just one week after a patch was released and one day after a proof of concept was published.

Update October 30, 2020: The solutions section has been updated to reflect the disclosure of a potential bypass of the patch for CVE-2020-14882.

Update November 2, 2020: The solutions section has been updated to reflect the release of a patch to address the potential bypass of the patch for CVE-2020-14882.

References

https://thehackernews.com/2023/12/8220-gang-exploiting-oracle-weblogic.html

https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker?&web_view=true

https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report

https://www.tenable.com/blog/government-advisories-warn-of-apt-activity-resulting-from-russian-invasion-of-ukraine

https://www.crowdstrike.com/blog/prophet-spider-exploits-oracle-weblogic-to-facilitate-ransomware-activity/

https://www.tenable.com/blog/oracle-january-2021-critical-patch-update-five-critical-weblogic-flaws-cve-2021-2109

https://www.tenable.com/blog/cve-2020-14882-oracle-weblogic-remote-code-execution-vulnerability-exploited-in-the-wild

https://www.tenable.com/blog/oracle-critical-patch-update-for-october-2020-addresses-402-security-updates

https://www.oracle.com/security-alerts/cpuoct2020.html

http://packetstormsecurity.com/files/161128/Oracle-WebLogic-Server-12.2.1.0-Remote-Code-Execution.html

http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html

http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2020-10-21

Updated: 2022-07-12

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical