Remote Code Execution (RCE) vulnerability in Oracle WebLogic Server (CVE-2020-14750)

Published on 03 Nov 2020

Updated on 02 Jul 2021

There are reports of active exploitation in the wild of a new RCE vulnerability (CVE-2020-14750), which is related to CVE-2020-14882. The latter CVE was addressed in an alert issued by SingCERT on 30 October 2020.

CVE-2020-14750 is an easily exploitable vulnerability in Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 that allows an unauthenticated attacker with network access via HTTP to compromise the server remotely, without the need for a username and password. Successful exploitation can result in takeover of the Oracle WebLogic Server.

Users and System Administrators of affected products are advised to install the latest security updates immediately.

More information is available here:
https://www.oracle.com/security-alerts/alert-cve-2020-14750.html