CVE-2020-2552

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0.0 and 12.1.3.0.0

Description The issue is related to insufficient access control in the WLS Core Components of Oracle WebLogic Server, allowing a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful attacks require human interaction and can result in unauthorized update, insert, or delete access to some of Oracle WebLogic Server's accessible data, as well as unauthorized read access to a subset of the server's accessible data.

Recommendations For version 10.3.6.0.0, update to a newer version to mitigate the risk. For version 12.1.3.0.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the WLS Core Components until a patch is available.