Oracle warned hackers to deliberately exploit recently patched CVE-2020-2883 vulnerability, which affects many versions of Oracle WebLogic Server.
As part of the April 2020 critical patch update, Oracle has patched the vulnerability, fixing over 405 vulnerabilities like CVE-2020-2883.
WebLogic Flaw – CVE-2020-2883
The bug allows attackers to execute arbitrary code without authentication on the affected version of the Oracle WebLogic.
The weakness lies with the proprietary Oracle T3 protocol and can be activated in a T3 protocol message with designed data, the ZDI advisory reads.
A weakness can be exploited by an attacker to execute the code in the current method.
A security researcher believes that the vulnerability is being exploited and published in the GitHub with a legitimate proof-of-concept file.
This exploit includes CVE-2020-2546, CVE-2020-2915, CVE-2020-2801, CVE-2020-398, CVE-2020-2883, CVE-2020-2884, CVE-2020-2950 vulnerabilities. This vulnerability is not included.
Oracle Director of Security Assurance Eric Maurice, said that “they have recently received reports of attempts to maliciously exploit several recently-patched vulnerabilities, including vulnerability CVE-2020-2883, which affects multiple versions of Oracle WebLogic Server.”
The vulnerability can be abused by attackers to crack corporate networks and install malware.
The critical patch update for April 2020, which includes 405 new security updates, is highly recommended by Oracle.
WebLogic Server vulnerabilities are not uncommon; Oracle WebLogic vulnerabilities are exploited to install ransomware and crypto miners by threats.