Jump to content

Search the Community

Showing results for tags 'weblogic server'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 1 result

  1. Oracle issued an out-of-band security update over the weekend to address a critical remote code execution (RCE) vulnerability impacting multiple Oracle WebLogic Server versions. The security vulnerability tracked as CVE-2020-14750 received a 9.8 severity base score from Oracle, out of a maximum rating of 10. Oracle credits 20 organizations and people in the security advisory for having provided information that allowed the company to address CVE-2020-14750. No-auth RCE Unauthenticated attackers can remotely exploit this no-auth RCE flaw in the server's console component via HTTP, without user interaction, as part of low complexity attacks to potentially take over targeted servers. "It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," Oracle's advisory explains. "Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible." Supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. Eric Maurice, Director of Security Assurance at Oracle, also shared a link to WebLogic Server hardening instructions in a blog post published on Sunday announcing the out-of-band security update. Earlier today, the Cybersecurity and Infrastructure Security Agency (CISA) also urged users and administrators to apply the security update to block potential attacks. Oracle released an out-of-band security alert to address a vulnerability—CVE-2020-14750—in Oracle WebLogic Server. Patch ASAP! https://t.co/34wm2YYgnx #Cyber #Cybersecurity #InfoSec — US-CERT (@USCERT_gov) November 2, 2020 Related to actively targeted CVE-2020-14882 Oracle also says that the vulnerability is related to CVE-2020-14882, another 9.8 out of 10 critical WebLogic Server flaw that was addressed in the October 2020 Critical Patch Update, two weeks ago. As BleepingComputer reported on Thursday, threat actors started scanning for exposed and vulnerable Oracle WebLogic instances to CVE-2020-14882 exploits one week after it was during this month's Critical Patch Update according to the SANS Technology Institute. Just as in the case of CVE-2020-14750, vulnerable versions of Oracle WebLogic Server are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0. Even though the company did not provide any further details regarding the relation between the two vulnerabilities, this out-of-band security update might be a direct result of the fact that a bypass for the CVE-2020-14882 patch was discovered on Friday. BleepingComputer reached out to Oracle for more details and to confirm that CVE-2020-14750 was indeed issued to address last week's CVE-2020-14882 bypass, but did not hear back at the time of publication. Source
×
×
  • Create New...