
CISA and Oracle Warn Over WebLogic Server Vulnerability

Software Giant Issues Rare Out-of-Band Fix For 'Severe' Bug

The U.S. Cybersecurity and Infrastructure Security Agency and Oracle are urging users to apply an emergency patch for a vulnerability in the software giant's WebLogic Server product that attackers are already exploiting, according to security researchers.


On Sunday, Oracle issued a rare out-of-band patch for the vulnerability, which is tracked as CVE-2020-14750 and has a CVSS score of 9.8 out of a possible 10, according to the alert.

After Oracle released the patch, CISA issued its own alert about CVE-2020-14750 on Monday, urging government and non-government users of WebLogic Server to apply the patch as soon as possible.

CVE-2020-14750

Oracle first addressed the underlying issue in its WebLogic Server product in the company's October security update, where the flaw was tracked as CVE-2020-14882, according to the update.

CVE-2020-14750 is a separate identifier for a flaw that Oracle describes as related to CVE-2020-14882. Because the October fix could be worked around and the flaw remained exploitable, Oracle pushed out an additional patch under the new identifier rather than waiting for its next scheduled update, according to the alert.

CVE-2020-14750 is a remote code execution vulnerability within the WebLogic Server product and can be exploited over a network without the need for a username and password, according to the alert. To exploit the vulnerability, a threat actor would only have to send a malicious HTTP request to the WebLogic Server's management console to initiate the attack.

Once the vulnerability has been exploited, an attacker can run arbitrary code with the privileges of the WebLogic Server process, according to the alert.
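Because the attack is a single HTTP request to the management console, the quickest triage question is whether that console is reachable from anywhere it should not be. The following Python script is an added example and is not code from the article, Oracle or CISA: it parses web access logs in combined log format (an assumption; WebLogic's own HTTP access log can be configured to this layout) and flags (a) console requests from outside an assumed management network and (b) paths containing an encoded directory traversal, a generic indicator rather than a signature for this specific CVE. The log lines, the 10.0.0.0/8 admin range and the /console prefix are all constructed for the example.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote

# Constructed sample access-log lines in combined log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Oct/2020:10:01:02 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 1512
198.51.100.23 - - [29/Oct/2020:10:05:44 +0000] "GET /console/images/%252E%252E%252Fconsole.portal HTTP/1.1" 200 3021
203.0.113.9 - - [29/Oct/2020:10:07:10 +0000] "POST /console/css/%252e%252e%252fconsole.portal HTTP/1.1" 200 412
203.0.113.9 - - [29/Oct/2020:10:07:11 +0000] "GET /myapp/index.jsp HTTP/1.1" 200 9001
10.0.0.7 - - [29/Oct/2020:10:09:00 +0000] "GET /console/console.portal?_nfpb=true HTTP/1.1" 200 2200
10.0.0.9 - - [29/Oct/2020:10:12:30 +0000] "GET /console/css/%2e%2e/console.portal HTTP/1.1" 404 318
"""

# Combined log format: client IP, identd, user, [timestamp], "METHOD PATH PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed management network; in practice take this from your own inventory.
ADMIN_NETS = [ip_network("10.0.0.0/8")]
CONSOLE_PREFIX = "/console"


def is_admin_source(ip):
    """True when the client address falls inside an allowlisted admin range."""
    addr = ip_address(ip)
    return any(addr in net for net in ADMIN_NETS)


def has_encoded_traversal(path):
    """True if '..' appears in the path component raw or after up to two
    rounds of percent-decoding (catches %2e%2e and double-encoded %252e%252e).
    This is a generic traversal heuristic, not a CVE-specific signature."""
    candidates = {path}
    decoded = path
    for _ in range(2):
        decoded = unquote(decoded)
        candidates.add(decoded)
    return any(".." in c.split("?", 1)[0] for c in candidates)


def triage(log_text):
    """Return one finding per suspicious request, preserving log order."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path = m["ip"], m["path"]
        reasons = []
        if path.startswith(CONSOLE_PREFIX) and not is_admin_source(ip):
            reasons.append("console request from non-admin source")
        if has_encoded_traversal(path):
            reasons.append("encoded path traversal")
        if reasons:
            findings.append({"ip": ip, "method": m["method"], "path": path,
                             "status": m["status"], "reasons": reasons})
    return findings


def external_console_clients(findings):
    """Source addresses that reached the console from outside the admin ranges;
    per the SANS guidance quoted below, treat the server they hit as compromised."""
    return sorted({f["ip"] for f in findings
                   if "console request from non-admin source" in f["reasons"]})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ip']:15} {f['method']:4} {f['status']} {f['path']}  <- {', '.join(f['reasons'])}")
    print("external clients that reached the console:", external_console_clients(SAMPLE_LOG and triage(SAMPLE_LOG)))
```

A 200 or 302 on a console request from a non-admin address is the important signal regardless of whether the request looks malicious: it means the console is exposed and the server is within reach of the internet-wide scanning described below. A 404 on a traversal attempt (the last sample line) still merits a look, since it may be a scan against a host that has already been patched or that sits behind a different context root.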

The company's alert notes that several supported versions of WebLogic Server are affected by CVE-2020-14750, including 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.

"Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible," Oracle notes.

Active Exploits

A few days after Oracle disclosed the original vulnerability in its October security update, researchers noted that proof-of-concept exploit code had already appeared and warned that the flaw was under active exploitation.

Johannes Ullrich, dean of research at the SANS Technology Institute, published a post on Oct. 29 that noted the organization's honeypots had detected internet-wide scans that were looking for potentially unpatched and vulnerable WebLogic Servers.

"At this point, we are seeing the scans slow down a bit," Ullrich noted. "But they have reached 'saturation' meaning that all IPv4 addresses have been scanned for this vulnerability. If you find a vulnerable server in your network: Assume it has been compromised."

Other proof-of-concept exploits have also been posted to GitHub.

Security firm Spyse reported that some 3,000 internet-facing Oracle WebLogic Servers remained unpatched against CVE-2020-14750.

In addition to CVE-2020-14750, CISA has been urging government and non-government organizations to patch for another severe vulnerability dubbed "Zerologon," which affects certain versions of Windows. In this case, a partial fix is available, but Microsoft will only roll out a full patch in the first half of 2021 (see: Agencies Urged to Patch Netlogon Flaw Before Election).


About the Author

Chinmay Rautmare

Senior Correspondent

Rautmare is senior correspondent on Information Security Media Group's Global News Desk. He previously worked with Reuters News as a correspondent for the North America Headline News operations and reported on companies in the technology, media and telecom sectors. Before Reuters he put in a stint in broadcast journalism with a business channel, where he helped produce multimedia content and daily market shows. Rautmare is a keen follower of geopolitical news and defense technology in his free time.



