ACTION ALERT (Patreon)

Published:

2020-12-09 20:00:03

Imported:

2022-07

Content

This attack against Oracle WebLogic is being actively used. To remediate, immediately install the patch Oracle issued in October. People should also patch CVE-2020-14750, a separate but related vulnerability that Oracle fixed in an emergency update two weeks after issuing a patch for CVE-2020-14882.

Files

Oracle vulnerability that executes malicious code is under active attack

Attackers are targeting a recently patched Oracle WebLogic vulnerability that allows them to execute code of their choice, including malware that makes servers part of a botnet that steals passwords and other sensitive information. WebLogic is a Java enterprise application that supports a variety of databases.