Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Oracle Issues Out-of-Band Update for Remote-Access Vulnerability
The exploit could give an attacker complete control of vulnerable WebLogic servers.
1 Min Read
Oracle has issued an out-of-band update for a CVE with a CVSS score of 9.8 - the second such CVE in a matter of days. The new update addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. A successful attack would allow an unauthorized user complete control of the server.
According to the post announcing the update, CVE-2020-14750 is related to CVE-2020-14882, which the company addressed in its October 2020 Critical Patch Update. The vulnerabilities are considered to be highly critical because they are simple, and can be exploited remotely and without authentication: no user name or password required.
According to Johannes Ullrich of the SANS Institute, "All IPv4 addresses have been scanned for this vulnerability. If you find a vulnerable server in your network: Assume it has been compromised." Oracle has recommended that customers with vulnerable WebLogic servers apply the update immediately.
For more, read here.
About the Author
You May Also Like
More Insights
Webinars
Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024The Unreasonable Effectiveness of Inside Out Attack Surface Management
Dec 4, 2024
