CVE-2020-14750

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0

Description The issue is related to a vulnerability in the Oracle WebLogic Server product, specifically in the Console component. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Oracle WebLogic Server, potentially resulting in a takeover. The vulnerability is easily exploitable and can impact the confidentiality, integrity, and availability of the server. It is associated with errors in code generation management and can be exploited using HTTP requests.

Recommendations For versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, update to a version that includes the emergency patch released by Oracle to fix this critical flaw. As a temporary workaround, consider restricting access to the Console component until a patch is applied. Avoid using the vulnerable Console component in the affected Oracle WebLogic Server versions until the issue is resolved.