Summary:
Oracle’s April 2020 patch update addresses a critical flaw in Oracle WebLogic Server, tracked as CVE-2020-2883, that can be exploited by an unauthenticated user for remote code execution. It has drawn major attention because its CVSSv3 score is 9.8/10.
Description:
WebLogic is a Java-based middleware solution with thousands of servers running online. It sits between a front-facing application and a database system. Eric Maurice, director of security assurance at Oracle, said the company had received “reports of attempts to maliciously exploit a number of recently-patched vulnerabilities.”
The specific flaw is exploited via crafted data in a T3 protocol message that triggers the deserialization of untrusted data. When an unpatched server receives and deserializes such a message, the malicious code runs inside the WebLogic core, allowing a nefarious actor to take control of the system.
A POC for CVE-2020-2883 can be found here.
Affected Products:
Oracle WebLogic Server – 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0
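As an added example, not part of this advisory or of Oracle's tooling: a small Python helper that reads the banner a WebLogic T3 listener returns to the T3 hello and checks the version it reports against the four versions listed above, so a defender can inventory their own listeners. The banner format (a first line of the form HELO:<version>.<true|false>), the sample banner and the host/port used by probe() are assumptions.

```python
"""Added example, not from the advisory: classify a WebLogic T3 banner
against the affected-version list. Assumes (not confirmed by the page)
that a T3 listener answers the hello with "HELO:<version>.<true|false>"
on its first line; host/port in probe() are placeholders."""
import re
import socket

# Affected versions exactly as listed in the advisory.
AFFECTED = {"10.3.6.0.0", "12.1.3.0.0", "12.2.1.3.0", "12.2.1.4.0"}

# Client side of the T3 hello; the listener answers with its own banner.
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\n\n"

# Constructed sample reply, shaped like the assumed banner format.
SAMPLE_BANNER = b"HELO:12.2.1.3.0.false\nAS:2048\nHL:19\n\n"

_HELO = re.compile(rb"^HELO:(\d+(?:\.\d+)+)\.(true|false)")


def parse_banner(banner: bytes):
    """Return (version, secure_flag) from a T3 HELO banner, or None when
    the first line is not a HELO (the port is not speaking T3)."""
    m = _HELO.match(banner.split(b"\n", 1)[0])
    if not m:
        return None
    return m.group(1).decode(), m.group(2) == b"true"


def classify(banner: bytes) -> str:
    """'listed', 'not-listed' or 'no-t3'. A listed version only means the
    patch level must be confirmed: applying the patch does not change the
    version string, and unlisted versions are reported, not assumed safe."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "no-t3"
    version, _ = parsed
    return "listed" if version in AFFECTED else "not-listed"


def probe(host: str, port: int = 7001, timeout: float = 5.0) -> str:
    """Send the T3 hello to one listener you administer and classify
    the reply; nothing beyond the hello is sent."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(T3_HELLO)
        return classify(s.recv(1024))


if __name__ == "__main__":
    print(classify(SAMPLE_BANNER))  # offline check on the constructed banner
```

A version on the list means the server's patch level must be confirmed against the April 2020 update, not that it is unpatched, because the banner version does not change when the patch is applied.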
Advisory:
https://www.oracle.com/security-alerts/cpuapr2020.html
https://support.oracle.com/rs?type=doc&id=2633852.1
Mitigation:
Oracle has released a patch for CVE-2020-2883.
Qualys customers can scan their network with QIDs 87416 and 372510 to detect vulnerable assets. Continue to follow Qualys Threat Protection for more coverage of vulnerabilities.
References & Sources:
- https://github.com/hktalent/CVE_2020_2546
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-2883