Introduction
WebLogic is a Java EE application server produced by Oracle. As middleware, it is used for developing, integrating, deploying and managing large distributed web applications, network applications and database applications.

Summary
In July, Oracle released an official patch note containing a total of 443 security patches, including a high-risk vulnerability in WebLogic components, CVE-2020-14645. Affected customers are recommended to install the latest official patches as soon as possible.

This vulnerability can be exploited over the network through the IIOP and T3 protocols without authentication. Unauthenticated attackers who successfully exploit this vulnerability may take over Oracle WebLogic Server.

Impacts
Affected Versions:
Oracle WebLogic Server 12.2.1.4.0

Timeline
July 14, 2020: Oracle released the Critical Patch Update for July 2020, which includes the high-risk vulnerability CVE-2020-14645 in WebLogic components.
July 16, 2020: Sangfor FarSight Labs successfully reproduced this vulnerability and then released a security bulletin.

Remediation Solution
The latest patch released by Oracle has fixed this vulnerability. Please download it from the official website: https://www.oracle.com/security-alerts/cpuapr2020.html.

Sangfor Solution
For Sangfor NGAF customers, keep NGAF security protection rules up to date.

Sangfor Cloud WAF has automatically updated its database in the cloud. Those users are already protected from this vulnerability without needing to perform any additional operations.

Sangfor Cyber Command is capable of detecting attacks which exploit this vulnerability and can alert users in real time. Users can correlate Cyber Command to Sangfor NGAF to block an attacker's IP address.

Sangfor SOC makes sure that Sangfor security specialists are available to you 24/7 for any security issue. Sangfor security experts first scan the customer's network environment to ensure that the customer's host is free from this vulnerability. For users with vulnerabilities, we have reviewed and updated device policies to ensure protection against this vulnerability.
