Oracle’s April 2020 patch addresses a critical flaw in Oracle WebLogic Server, tracked as CVE-2020-2883, that can be exploited by an unauthenticated attacker for remote code execution. It has drawn major attention because its CVSSv3 score is 9.8/10.
WebLogic is a Java-based middleware solution, with thousands of servers running online. It sits between a front-facing application and a database system. Eric Maurice, director of security assurance at Oracle, said the company had received “reports of attempts to maliciously exploit a number of recently-patched vulnerabilities.”
The flaw is exploited via crafted data in a T3 protocol message that triggers the deserialization of untrusted data. When an unpatched server receives and deserializes that data, the WebLogic core ends up running the attacker's code, allowing a malicious actor to take control of the system.
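A defender-side triage heuristic for the T3 deserialization path described above, written for this post as an added example (not Qualys or Oracle code): it checks a captured TCP payload for a T3 handshake followed by a Java serialization stream and extracts the first class name for analyst review. The handshake layout, the serialization stream header and the constructed sample bytes are assumptions for illustration.

```python
"""Heuristic triage of captured WebLogic T3 payloads for Java serialized objects.

Flags a payload that begins with a T3 handshake and later carries the Java
serialization stream header (AC ED 00 05), and reports the first class name.
Legitimate T3 clients also exchange serialized objects, so a hit is a lead for
review, not a verdict; patching and restricting T3/T3S exposure remain the fix.
"""
import re
import struct
from dataclasses import dataclass
from typing import Optional

# T3 handshake: "t3 <version>\n" followed by KEY:value lines and a blank line.
T3_HANDSHAKE = re.compile(rb"^t3s? (?P<ver>[0-9.]+)\n(?:[A-Z]{2}:[^\n]*\n)+\n")
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"  # STREAM_MAGIC + STREAM_VERSION
TC_OBJECT, TC_CLASSDESC = b"\x73", b"\x72"


@dataclass
class T3Finding:
    handshake_version: str
    serialized_offset: int        # where the Java stream begins in the payload
    first_class: Optional[str]    # class name of the first object, if parseable


def _first_class_name(stream: bytes) -> Optional[str]:
    """Parse TC_OBJECT / TC_CLASSDESC / <UTF class name> right after the magic."""
    if len(stream) < 4 or stream[:2] != TC_OBJECT + TC_CLASSDESC:
        return None
    (length,) = struct.unpack(">H", stream[2:4])
    name = stream[4:4 + length]
    return name.decode("utf-8", errors="replace") if len(name) == length else None


def inspect_t3_stream(payload: bytes) -> Optional[T3Finding]:
    """Return a finding if the payload is a T3 session carrying a serialized object."""
    m = T3_HANDSHAKE.match(payload)
    if m is None:
        return None                       # not T3, out of scope for this check
    offset = payload.find(JAVA_SER_MAGIC, m.end())
    if offset == -1:
        return None                       # T3 session, but no serialized object seen
    body = payload[offset + len(JAVA_SER_MAGIC):]
    return T3Finding(m.group("ver").decode(), offset, _first_class_name(body))


# Constructed sample: a T3 handshake followed by a serialized java.util.HashMap.
_CLASS = b"java.util.HashMap"
SAMPLE_T3_PAYLOAD = (
    b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"
    + b"\x00\x00\x04\xd2\x01\x65"                      # filler standing in for T3 framing
    + JAVA_SER_MAGIC + TC_OBJECT + TC_CLASSDESC + struct.pack(">H", len(_CLASS)) + _CLASS
    + b"\x05\x07\xda\xc1\xc3\x16\x60\xd1\x03\x00\x02"  # serialVersionUID, flags, field count
)

if __name__ == "__main__":
    print(inspect_t3_stream(SAMPLE_T3_PAYLOAD))
```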
A PoC for CVE-2020-2883 can be found here.
Affected versions: Oracle WebLogic Server 10.3.6.0.0, 22.214.171.124.0, 126.96.36.199.0 and 188.8.131.52.0
Qualys customers can scan their network with QID(s) 87416 and 372510 to detect vulnerable assets. Please continue to follow Qualys Threat Protection for more coverage of vulnerabilities.