UIT Service Advisory
Please note that critical and easily exploitable remote code execution vulnerabilities (CVE-2020-14882, CVE-2020-14825, CVE-2020-14841, CVE-2020-14859) in Oracle WebLogic Server are being targeted by attackers. We recommend installing the latest update released by Oracle.
Severity level
CVSS Score: 9.8 (Critical)
Description
The vulnerability is in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). It is easily exploitable and allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
Affected Versions
10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
Impact
Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
Resolution
Oracle released the Critical Patch Update (CPU) Advisory for October 2020:
https://www.oracle.com/security-alerts/cpuoct2020.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-14882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14882
We thank you for your continued support and cooperation.
Please direct any questions or concerns to UIT Client Services.
Email: askit@yorku.ca
Self Serve Portal: http://askit.yorku.ca
Thank you,
University Information Technology