Warning: Critical Oracle WebLogic flaw actively targeted in attacks, CVE-2020-14750 CVSS 9.8 RCE
CVE-2020-14750 - 9.8 CVSS v3 (CRITICAL)
Successful exploitation of this flaw could allow an unauthenticated attacker to execute arbitrary code, resulting in a complete compromise of the vulnerable system.
The remote code execution (RCE) vulnerability in Oracle WebLogic Server, assigned CVE-2020-14750, allows a remote attacker to execute arbitrary code on the target system.
According to the vendor, this vulnerability is related to CVE-2020-14882, which was patched in October 2020 and allows a remote attacker to fully compromise an Oracle WebLogic Server without a username and password via a single HTTP GET request.
This vulnerability exists due to improper input validation: a remote attacker can send a specially crafted request and execute arbitrary code on the target system.
CERT.be recommends that system administrators install the latest updates released by the vendor for the affected versions: https://www.oracle.com/security-alerts/cpuoct2020.html