tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Web Application Firewall
    Documentation
    Download PDF

    Notice for WebLogic Console HTTP RCE Vulnerability

    Last updated: 2022-06-23 11:14:26
    Download PDF

      Vulnerability Details

      On October 20, 2020, Tencent Security noticed that Oracle released a patch update advisory. It revealed WebLogic vulnerabilities, among which CVE-2020-14882 and CVE-2020-14883 existed in the WebLogic console, a default component on all WebLogic versions. Attackers can exploit CVE-2020-14882 and CVE-2020-14883 to execute arbitrary code on the server, obtain system permissions, and control the server without authorization, compromising data confidentiality, integrity, and availability.
      All Tencent Security services have upgraded rules and vulnerability libraries accordingly to prevent attacks.
      To safeguard your business, we recommend you conduct a security inspection in time. If your business is affected, update it to fix the vulnerability promptly and prevent intrusions by attackers.

      Risk Level

      High Risk

      Vulnerability Risk

      Attackers can exploit the vulnerabilities to control Oracle WebLogic Server, compromising data confidentiality, integrity, and availability.

      Affected Versions

      Oracle WebLogic Server 10.3.6.0.0
      Oracle WebLogic Server 12.1.3.0.0
      Oracle WebLogic Server 12.2.1.3.0
      Oracle WebLogic Server 12.2.1.4.0
      Oracle WebLogic Server 14.1.1.0.0

      Suggestions for Fix

      A new version has been officially released to fix the vulnerabilities. Tencent Security recommends you:
      Recommendation solution: Install the patch in time.
      Use WAF to block similar WebLogic vulnerability attacks.

      References

      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy