Oracle patches severe flaw in WebLogic Server that could be exploited 'without the need for a username and password'
Credit:
Wikipedia
Oracle has released an emergency patch after a security vulnerability was revealed in its WebLogic middleware last week.
The security alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server.
"This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e. may be exploited over a network without the need for a username and password," Oracle said in a security alert. "Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible."