11.04.20

Oracle WebLogic Vulnerability

By Greg Alexander

Oracle has released an out-of-band patch for CVE-2020-14750. The vulnerability carries a CVSS 3.1 base score of 9.8 out of 10; the score is this high because the flaw can be exploited remotely over the network, without credentials and without any user interaction.

Oracle has not disclosed details of the flaw. The vulnerability is in the Console component of Oracle WebLogic Server and is exploitable over HTTP. It resembles CVE-2020-14882, which Oracle patched in the October 2020 Critical Patch Update: neither flaw requires user interaction, and both can be exploited remotely over the network without a username or password.

Oracle has stated that the vulnerability “is related to” CVE-2020-14882, another remote code-execution flaw in WebLogic Server that Oracle patched in the October 2020 release. Security researchers have since shown that the CVE-2020-14882 patch could be bypassed by merely changing the case of a character in the request: the fix was a case-sensitive blacklist of the path-traversal sequence, so an alternately cased encoding of the same sequence sidestepped it entirely.

What is the Potential Impact?

An unspecified vulnerability exists in the Console component of WebLogic Server. An unauthenticated attacker with HTTP network access to the server can exploit it to take over the Oracle WebLogic Server.

The following versions of Oracle WebLogic are vulnerable:

  • 10.3.6.0.0
  • 12.1.3.0.0
  • 12.2.1.3.0
  • 12.2.1.4.0
  • 14.1.1.0.0

Oracle believes that older, unsupported versions are also likely affected and recommends that customers upgrade to a supported version of Oracle WebLogic.

Oracle WebLogic Vulnerability Mitigation

We strongly suggest that organizations download and apply Oracle’s out-of-band patch for CVE-2020-14750 to their Fusion Middleware deployments. Because this flaw bypasses the October 2020 fix, having applied the October Critical Patch Update for CVE-2020-14882 is not sufficient on its own; the new patch must be applied in addition to it.

Detecting CVE-2020-14750

Vulnerability Management:

  • Qualys has released QID 87433 to detect this vulnerability; QID 90235 can additionally be used to identify systems on which WebLogic is installed.
  • Tenable has released Nessus plugin 141807 to detect this vulnerability.
    • You can find the specific plugin at https://www.tenable.com/plugins/nessus/141807
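Beyond scanner coverage, the bypass described above is worth understanding on its own terms: a filter that matches the literal encoded traversal token is defeated by changing the case of one hex digit, while a check that decodes the request first is not. The following is an added example, not code from the original post or from Oracle, that runs both checks over a few constructed web-server access-log lines. The log lines, the request paths and the `NAIVE_BLACKLIST` token are all constructed for illustration; they show the detection technique, not a specific exploit.

```python
"""
Added example: a case-sensitive blacklist on an encoded traversal token versus
a normalize-then-inspect check. All sample data here is constructed.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed access-log lines in Common Log Format (not taken from the page).
# Lines 2 and 3 differ only in the case of the percent-encoded traversal token.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Nov/2020:10:00:01 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 1337
10.0.0.9 - - [01/Nov/2020:10:00:02 +0000] "GET /console/css/%252E%252E%252Fconsole.portal HTTP/1.1" 200 5120
10.0.0.9 - - [01/Nov/2020:10:00:03 +0000] "GET /console/css/%252e%252e%252fconsole.portal HTTP/1.1" 200 5120
10.0.0.7 - - [01/Nov/2020:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 64
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[0-9.]+"')

# Hypothetical case-sensitive deny-list: matches only the upper-case encoding.
# This stands in for the kind of filter the text says was sidestepped.
NAIVE_BLACKLIST = ("%252E%252E",)


def parse_request_path(line: str) -> Optional[str]:
    """Return the request path from a CLF log line, or None if it does not parse."""
    m = REQUEST_RE.search(line)
    return m.group("path") if m else None


def naive_blacklist_blocks(path: str) -> bool:
    """Literal, case-sensitive substring match: %252e%252e slips straight past it."""
    return any(token in path for token in NAIVE_BLACKLIST)


def normalize_path(path: str, max_rounds: int = 3) -> str:
    """Drop the query string and percent-decode until the path stops changing.

    The loop is bounded so a hostile request cannot keep it busy. After decoding,
    %252E, %252e and %2e all collapse to a literal '.', so case no longer matters.
    """
    path = path.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_console_traversal(path: str) -> bool:
    """True if the decoded request targets /console/ and carries a '..' segment."""
    norm = normalize_path(path)
    if not norm.lower().startswith("/console/"):
        return False
    return any(segment == ".." for segment in norm.split("/"))


def scan_log(text: str) -> List[Dict[str, object]]:
    """For each request: would the naive filter block it, and does the decoder flag it?"""
    results: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        path = parse_request_path(line)
        if path is None:
            continue
        results.append({
            "line": lineno,
            "path": path,
            "naive_blocked": naive_blacklist_blocks(path),
            "detected": is_console_traversal(path),
        })
    return results


if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        flag = "TRAVERSAL" if r["detected"] else "ok"
        print(f"line {r['line']}: {flag:9} naive_blocked={str(r['naive_blocked']):5} {r['path']}")
```

Running the block shows the point of the passage: the upper-case request is both blocked by the naive filter and flagged by the decoder, while the lower-case request is flagged only by the decoder. The same decode-before-compare principle applies when writing SIEM or WAF rules for this class of bypass.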

Supporting information

  • https://www.oracle.com/a/tech/docs/cpuoct2020cvrf.xml
  • https://www.oracle.com/security-alerts/cpuoct2020.html
  • https://www.tenable.com/plugins/nessus/141807
  • https://threatpost.com/oracle-update-weblogic-server-flaw/160889/
  • https://www.oracle.com/security-alerts/alert-cve-2020-14750.html#AppendixFMW
  • https://www.tripwire.com/state-of-security/vert/actively-exploited-weblogic-vulnerability/
  • https://blog.rapid7.com/2020/10/29/oracle-weblogic-unauthenticated-complete-takeover-cve-2020-14882-what-you-need-to-know/
