tencent cloud

Web Application Firewall

Release Notes and Announcements
Release Notes
Product Announcement
Security Advisory
User Guide
Product Introduction
Overview
Product Category
Strengths
Scenarios
Plans and Editions
Supported Regions
Basic Concepts
Purchase Guide
Billing Overview
Purchase Guide
WAF Plan Upgrade Method
Renewing Connections
Payment Overdue
Refund
Getting Started
Getting Started
FAQs for Beginners
Operation Guide
Overview
Connection Management
Security Operations
Protection Policies
Service Settings
Practical Tutorial
WAF CCP Overview
Bot Management
API Security
Integration
Protection Configuration
API Documentation
History
Introduction
API Category
Making API Requests
Asset Management APIs
Billing APIs
Protection Settings APIs
Other APIs
IP Management APIs
Integration APIs
Log Service APIs
Security Overview APIs
Rule Engine APIs
Data Types
Error Codes
FAQS
Product Consultation
Connection
Usage
Permissions
Sandbox Isolation Status
Service Level Agreement
WAF Policy
Privacy Policy
Data Processing And Security Agreement
Contact Us
Glossary
DocumentationWeb Application FirewallRelease Notes and Announcements Security AdvisoryNotice for WebLogic Console HTTP RCE Vulnerability

Notice for WebLogic Console HTTP RCE Vulnerability

PDF
Focus Mode
Font Size
Last updated: 2022-06-23 11:14:26

Vulnerability Details

On October 20, 2020, Tencent Security noticed that Oracle released a patch update advisory. It revealed WebLogic vulnerabilities, among which CVE-2020-14882 and CVE-2020-14883 existed in the WebLogic console, a default component on all WebLogic versions. Attackers can exploit CVE-2020-14882 and CVE-2020-14883 to execute arbitrary code on the server, obtain system permissions, and control the server without authorization, compromising data confidentiality, integrity, and availability.
All Tencent Security services have upgraded rules and vulnerability libraries accordingly to prevent attacks.
To safeguard your business, we recommend you conduct a security inspection in time. If your business is affected, update it to fix the vulnerability promptly and prevent intrusions by attackers.

Risk Level

High Risk

Vulnerability Risk

Attackers can exploit the vulnerabilities to control Oracle WebLogic Server, compromising data confidentiality, integrity, and availability.

Affected Versions

Oracle WebLogic Server 10.3.6.0.0
Oracle WebLogic Server 12.1.3.0.0
Oracle WebLogic Server 12.2.1.3.0
Oracle WebLogic Server 12.2.1.4.0
Oracle WebLogic Server 14.1.1.0.0

Suggestions for Fix

A new version has been officially released to fix the vulnerabilities. Tencent Security recommends you:
Recommendation solution: Install the patch in time.
Use WAF to block similar WebLogic vulnerability attacks.

References

Previous Topic: Notice for Apache Log4j 2 RCE Vulnerability (CVE-2021-44228)Next Topic: Notice for Yonyou GRP-U8 SQL Injection Vulnerability

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback