Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
Oracle has stated that although it patched the CVE-2020-2883 vulnerability in its April 2020 Critical Patch Update, a proof of concept exploit was published soon after. The company is now advising customers to fast track a patch for the flaw that lies in its WebLogic Server that is still under active attack. Oracle stated that although the vulnerability was patched last month, the company has received numerous reports that it is actively being targeted by attackers.
The vulnerability is a remote code execution (RCE) flaw that can be exploited by attackers to take over unpatched systems, therefore, Oracle is urging customers to install the new update as soon as possible. Oracle WebLogic Server is used in building and deploying Java EE applications. Last week, Oracle stated that the April patch update fixed 405 flaws, including 286 remotely exploitable ones.