On October 20, 2020, Tencent Security noticed that Oracle released a patch update advisory. It revealed WebLogic vulnerabilities, among which CVE-2020-14882 and CVE-2020-14883 existed in the WebLogic console, a default component on all WebLogic versions. Attackers can exploit CVE-2020-14882 and CVE-2020-14883 to execute arbitrary code on the server, obtain system permissions, and control the server without authorization, compromising data confidentiality, integrity, and availability.
All Tencent Security services have upgraded rules and vulnerability libraries accordingly to prevent attacks.
To safeguard your business, we recommend you conduct a security inspection in time. If your business is affected, update it to fix the vulnerability promptly and prevent intrusions by attackers.
Attackers can exploit the vulnerabilities to control Oracle WebLogic Server, compromising data confidentiality, integrity, and availability.
A new version has been officially released to fix the vulnerabilities. Tencent Security recommends you:
For more information, see Oracle Critical Patch Update Advisory - October 2020.
Contact our sales team or business advisors to help your business.
Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.
Was this page helpful?