Warning: Critical Oracle WebLogic flaw actively targeted in attacks, CVE-2020-14882 CVSS 9.8 RCE

Reference: 
Advisory #2020-033
Version: 
1.0
Affected software: 
Oracle WebLogic Server 10.3.6
Oracle WebLogic Server 12.1.3
Oracle WebLogic Server 12.2.1.3
Oracle WebLogic Server 12.2.1.4
Oracle WebLogic Server 14.1.1.0
Type: 
Remote Code Execution (RCE)
CVE/CVSS: 
CVE-2020-14882 - CVSS v3 9.8 (Critical)

Sources

https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-20... (Foreign language)

Risks

CVE-2020-14882 can be exploited by an unauthenticated attacker by sending a simple HTTP GET request leading to a full compromise of a vulnerable system.

Description

Threat actors are actively scanning the Internet for servers running vulnerable installations of Oracle WebLogic Server in an attempt to exploit the critical flaw tracked as CVE-2020-14882.

Oracle fixed the vulnerability in the October 2020 Critical Patch Update (CPU).

Recommended Actions

CERT.be recommends that system administrators install the latest updates released by the vendor for the affected versions: https://www.oracle.com/security-alerts/cpuoct2020.html

References

https://www.oracle.com/security-alerts/cpuoct2020.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14882
https://www.bleepingcomputer.com/news/security/critical-oracle-weblogic-...