Active Exploitation of Oracle WebLogic Server Vulnerabilities (CVE-2020-14882 and CVE-2020-14883)
30 October 2020
Oracle released a critical patch update in October 2020 to address severe WebLogic Server vulnerabilities.
Proof-of-concept exploit code for two major vulnerabilities is now publicly available, and there have been reports of active exploitation of these vulnerabilities.
They are:
CVE-2020-14882 - Easily exploitable vulnerability in Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 that allows an unauthenticated attacker with network access via HTTP to compromise the Oracle WebLogic Server. Successful exploitation can result in takeover of Oracle WebLogic Server.
CVE-2020-14883 - Easily exploitable vulnerability in Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 that allows a high-privileged attacker with network access via HTTP to compromise the Oracle WebLogic Server. Successful exploitation can result in takeover of Oracle WebLogic Server.
Users and System Administrators of affected products are advised to install the latest security updates immediately.
More information is available here:
https://www.oracle.com/security-alerts/cpuoct2020traditional.html