Manoharan Mudaliar

Cyber Security Consultant

Oracle WebLogic Server Vulnerable to CVE-2020-2883

Oracle has released a notification to users about the previously disclosed vulnerability CVE-2020-2883. However, per https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2883, the "Date Entry Created" value of 20191210 comes with a disclaimer. The vulnerability appears to be resurfacing, and unpatched servers are considered highly vulnerable because malicious cyber actors are now targeting them.

Known affected versions

10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0.

Advisory

It is highly advised to review the Oracle Blog and the April 2020 Critical Patch Updates for more information and apply the necessary patches as soon as possible.

WebLogic RCE exploits explained and demonstrated by a researcher:

https://github.com/hktalent/CVE_2020_2546

References

https://www.us-cert.gov/ncas/current-activity/2020/05/01/unpatched-oracle-weblogic-servers-vulnerable-cve-2020-2883

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2883

https://nvd.nist.gov/vuln/detail/CVE-2020-2884

https://nvd.nist.gov/vuln/search/results?adv_search=true&cpe_version=cpe%3a%2fa%3aoracle%3aweblogic_server%3a10.3.6.0.0

https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEM

https://www.securityweek.com/oracle-says-hackers-targeting-recently-patched-vulnerabilities
