Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Remote Code Execution (RCE) vulnerability in Oracle WebLogic Server
Alerts

Remote Code Execution (RCE) vulnerability in Oracle WebLogic Server

3 November 2020

Remote Code Execution (RCE) vulnerability in Oracle WebLogic Server (CVE-2020-14750)

There are reports of active exploitation in the wild on a new RCE vulnerability (CVE-2020-14750), related to CVE-2020-14882. The latter CVE was addressed in an alert issued by SingCERT on 30 October 2020.

CVE-2020-14750 is an easily exploitable vulnerability in Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0., that allows an unauthenticated attacker with network access via HTTP to compromise the server remotely without the need for a username and password. Successful exploitation can result in takeover of the Oracle WebLogic Server.

Users and System Administrators of affected products are advised to install the latest security updates immediately.

More information is available here:
https://www.oracle.com/security-alerts/alert-cve-2020-14750.html

Back to top