Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Remote Code Execution (RCE) vulnerability in Oracle WebLogic Server
Alerts

Remote Code Execution (RCE) vulnerability in Oracle WebLogic Server

3 November 2020

Remote Code Execution (RCE) vulnerability in Oracle WebLogic Server (CVE-2020-14750)

There are reports of active exploitation in the wild on a new RCE vulnerability (CVE-2020-14750), related to CVE-2020-14882. The latter CVE was addressed in an alert issued by SingCERT on 30 October 2020.

CVE-2020-14750 is an easily exploitable vulnerability in Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0., that allows an unauthenticated attacker with network access via HTTP to compromise the server remotely without the need for a username and password. Successful exploitation can result in takeover of the Oracle WebLogic Server.

Users and System Administrators of affected products are advised to install the latest security updates immediately.

More information is available here:
https://www.oracle.com/security-alerts/alert-cve-2020-14750.html

Back to top