Web Application Firewall
- Release Notes and Announcements
- Product Announcement
- Security Advisory
- Product Introduction
- Purchase Guide
- Billing Overview
- Getting Started
- Operation Guide
- SaaS WAF Connection
- CLB WAF Connection
- Connect Via Instance Object
- Bot and Application Security
- Bot Settings
- Bot Management
- Bot Traffic Visibility
- Basic Security Configurations
- API Security Management
- Threat Operation
- Blocklist/Allowlist Protection Settings
- Statistics and Logs
- Practical Tutorial
- Bot Management
- API Security
- Integration
- API Documentation
- Making API Requests
- Asset Management APIs
- Protection Settings APIs
- Other APIs
- IP Management APIs
- Integration APIs
- Security Overview APIs
- FAQS
DocumentationWeb Application FirewallRelease Notes and Announcements Security AdvisoryNotice for WebLogic Console HTTP RCE Vulnerability
Notice for WebLogic Console HTTP RCE Vulnerability
Last updated: 2022-06-23 11:14:26
Vulnerability Details
On October 20, 2020, Tencent Security noticed that Oracle released a patch update advisory. It revealed WebLogic vulnerabilities, among which CVE-2020-14882 and CVE-2020-14883 existed in the WebLogic console, a default component on all WebLogic versions. Attackers can exploit CVE-2020-14882 and CVE-2020-14883 to execute arbitrary code on the server, obtain system permissions, and control the server without authorization, compromising data confidentiality, integrity, and availability.
All Tencent Security services have upgraded rules and vulnerability libraries accordingly to prevent attacks.
To safeguard your business, we recommend you conduct a security inspection in time. If your business is affected, update it to fix the vulnerability promptly and prevent intrusions by attackers.
Risk Level
High Risk
Vulnerability Risk
Attackers can exploit the vulnerabilities to control Oracle WebLogic Server, compromising data confidentiality, integrity, and availability.
Affected Versions
Oracle WebLogic Server 10.3.6.0.0
Oracle WebLogic Server 12.1.3.0.0
Oracle WebLogic Server 12.2.1.3.0
Oracle WebLogic Server 12.2.1.4.0
Oracle WebLogic Server 14.1.1.0.0
Suggestions for Fix
A new version has been officially released to fix the vulnerabilities. Tencent Security recommends you:
Recommendation solution: Install the patch in time.
Use WAF to block similar WebLogic vulnerability attacks.
References
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No