Oracle: Unpatched Versions of WebLogic App Server Under Active Attack


Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. The company said it has received numerous reports that attackers were targeting the vulnerability patched last month.

Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The server has a remote code execution flaw, CVE-2020-2883, that can be exploited by unauthenticated attackers to take over unpatched systems.

Eric Maurice, director of security assurance, said in a post last week that the flaw was addressed in Oracle’s April 2020 Critical Patch Update, which fixed 405 flaws, including 286 that were remotely exploitable across nearly two dozen product lines.

Read more…
Source: ThreatPost