• Login
  • Let's Talk
  • Login
  • Let's Talk
  • Services
    • Managed Detection & Response
    • Managed Endpoint Detection & Response
    • Vulnerability Management
  • Company
    • About Us
    • Careers
    • Leadership
    • Industries
  • Differentiators
    • Squad Delivery Model
    • Cloud SecOps Platform
    • Maturity Model
    • Content Library
    • Threat Hunting
    • Lens Score
  • Partners
    • Reseller Partners
    • Technology Partners
  • Resources
    • Resource Library
    • News & Events
    • Insider Blog
  • Contact
    • Let's Talk
    • Customer Login
    • Partner Login
  • Linkedin
  • Twitter
11.04.20

Vulnerability SPOT Report

Oracle WebLogic Vulnerability

By Greg Alexander

Oracle has released an out of band patch for vulnerability CVE-2020-14750. It has been given a 9.8 out of 10 base score on CVSS 3.1. The high CVSS score is due to the vulnerability being able to be remotely exploited without credentials.

Details of the flaw were not disclosed. The vulnerability appears to be in the Console of the Oracle WebLogic Server and can be exploited via the HTTP network protocol. Attacks are similar to CVE-2020-14882, for which Oracle released a patch in October of 2020, that does not require user interaction and can be exploited remotely through networks without the need for a username or password.

Oracle has stated that the vulnerability “is related to” CVE-2020-14882, which is another remote code-execution flaw in WebLogic Servers that Oracle patched in the October 2020 release. However, security professionals have pointed out that a patched CVE-2020-14882 could be bypassed by merely changing the case of a character in the request by sidestepping the path-traversal blacklist that was implemented to block the flaw

What is the Potential Impact?

An unspecified vulnerability exists in the Core component of WebLogic Servers. Unauthenticated attackers that have network access via HTTP can exploit the server and take over the Oracle WebLogic Server.

The following versions of Oracle WebLogic are vulnerable:

  • 10.3.6.0.0
  • 12.1.3.0.0
  • 12.2.1.3.0
  • 12.2.1.4.0
  • 14.1.1.0.0

Oracle believes that older versions are also vulnerable and recommends customers to update to a support version of Oracle WebLogic.




Oracle WebLogic Vulnerability Mitigation

We strongly suggest that organizations download and apply Oracle’s latest patch for their Fusion Middleware software.

Detecting CVE-2020-16898 and CVE-2020-16899

Vulnerability Management:

  • Qualys has released QID 87433 for detection of the vulnerability, but QID 90235 can be used to assist in identifying if WebLogic is installed on systems.
  • Tenable has released the following plugin 141807 to detect this vulnerability.
    • You can find the specific plugin at https://www.tenable.com/plugins/nessus/141807

Supporting information

  • https://www.oracle.com/a/tech/docs/cpuoct2020cvrf.xml
  • https://www.oracle.com/security-alerts/cpuoct2020.html
  • https://www.tenable.com/plugins/nessus/141807
  • https://threatpost.com/oracle-update-weblogic-server-flaw/160889/
  • https://www.oracle.com/security-alerts/alert-cve-2020-14750.html#AppendixFMW
  • https://www.tripwire.com/state-of-security/vert/actively-exploited-weblogic-vulnerability/
  • https://blog.rapid7.com/2020/10/29/oracle-weblogic-unauthenticated-complete-takeover-cve-2020-14882-what-you-need-to-know/
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on Linkedin
  • Share by Mail

Subscribe to the deepwatch Insider Blog

Greg Alexander

Greg Alexander is a Vulnerability Management Program Manager for deepwatch, supporting multiple customers. He obtained his Bachelor of Science degree in Information Resource Management and his Master’s of Science in Information Systems Technologies – Information Assurance, both from Wilmington University. During his time at Wilmington University, he also received a graduate certificate in SCADA Cyber Security. In his off time, he loves to watch his son play baseball.

Related Posts

Vulnerability SPOT Report

02.25.21

CVE-2021-21972 - Vulnerability Found in VMware vCenter Servers and Cloud Foundation

read more

Vulnerability SPOT Report

01.27.21

Sudo Vulnerability

read more

Vulnerability SPOT Report

10.19.20

ZeroLogon Threat Review

read more

let’s talk.

let’s talk.

deepwatch delivers results-driven managed security services by extending customers’ cybersecurity teams and proactively advancing their SecOps maturity. Powered by its cloud SecOps platform, deepwatch is trusted by leading global organizations to provide 24/7/365 managed security services.

deepwatch Footer Certification Icons
TRUSTe
  • Linkedin
  • Twitter
  • Services
    • Managed Detection & Response
    • Managed Endpoint Detection & Response
    • Vulnerability Management
  • Company
    • About Us
    • Leadership
    • Careers
    • Industries
  • Differentiators
    • Squad Delivery Model
    • Cloud SecOps Platform
    • Maturity Model
    • Content Library
    • Threat Hunting
    • Lens Score
  • Resources
    • Resource Library
    • News & Events
    • Insider Blog
  • Partners
    • Reseller Partners
    • Technology Partners
  • Contact
    • Let's Talk
    • Customer Login
    • Partner Login
  • Services
    • Managed Detection & Response
    • Managed Endpoint Detection & Response
    • Vulnerability Management
  • Company
    • About Us
    • Leadership
    • Careers
    • Industries
  • Contact
    • Let's Talk
    • Customers Login
    • Partner Login
  • Differentiators
    • Squad Delivery Model
    • Cloud SecOps Platform
    • Maturity Model
    • Content Library
    • Threat Hunting
    • Lens Score
  • Resources
    • Resource Library
    • News & Events
    • Insights Blog
  • Partners
    • Reseller Partners
    • Technology Partners
Top

© Copyright 2021 deepwatch incorporated

Sitemap | Privacy Policy

Top
Scroll to top