PT-2020-4551 · Oracle · Oracle WebLogic Server

Voidfyoo · Published 2020-10-21 · Updated 2026-06-02 · CVE-2020-14882

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0

Description: A vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console) allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful exploitation can result in takeover of Oracle WebLogic Server. The flaw is under active attack: researchers warn that it has been exploited in real-world incidents, and exploitation requires only a single GET request.

Recommendations: For Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0, apply the official fix from Oracle. As a temporary workaround, restrict network access to the Console component of WebLogic Server to reduce the exposure. Additionally, monitor the system for suspicious activity and consider further security measures to prevent exploitation.

Tags: Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2020-05100
CVE-2020-14882
ORACLEWEBLOGICCVE_2020_14882

Affected Products

Oracle WebLogic Server