Oracle Server Vulnerabilities, October 2020

UIT Service Advisory

 

Please note that critical and easily exploitable remote code execution vulnerabilities (CVE-2020-14882, CVE-2020-14825, CVE-2020-14841, CVE-2020-14859) in Oracle WebLogic Server are being targeted by attackers. We recommend installing the latest update released by Oracle.

 

Severity level 

CVSS Score: 9.8 (Critical) 

 

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).  Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

 

Affected Versions 

10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 

 

Impact 

Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

 

Resolution 

Oracle has released the Critical Patch Update (CPU) Advisory for October 2020:

 

https://www.oracle.com/security-alerts/cpuoct2020.html 

 

Reference 

https://www.tenable.com/blog/oracle-critical-patch-update-for-october-2020-addresses-402-security-updates 

https://nvd.nist.gov/vuln/detail/CVE-2020-14882 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14882 

We thank you for your continued support and cooperation.

 

Please direct any questions or concerns to UIT Client Services.

 

Email:  askit@yorku.ca
Self Serve Portal:  http://askit.yorku.ca
 
Thank you,
University Information Technology