Oracle Alerts Users About Active Exploitation Of Recently Patched WebLogic Bug

Oracle is urging users to update their systems as soon as possible after spotting active exploitation of a recently patched WebLogic bug.

Oracle WebLogic Bug Under Exploit

In a recent advisory, Oracle has strongly advised all users to swiftly update their devices. Oracle has reportedly found active attacks on a recently patched WebLogic bug. Upon exploitation, the bug allows a remote attacker to execute arbitrary code on target devices.

Specifically, the bug in question is CVE-2020-2883, which separately caught the attention of multiple security researchers. About this vulnerability, ZDI, whose researchers were also among those who reported the flaw, stated in an advisory,

The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can trigger the deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process.

An attacker does not need any authentication to trigger this bug in the WebLogic Server core. Hence, the bug poses a serious threat to vulnerable systems. Oracle has labeled it as a high-severity flaw with a severity base score of 9.8.

The vulnerability surfaced online only after the vendor had addressed it. However, Oracle detected its active exploitation after its PoC exploit appeared on GitHub the next day. This shows how vigilant attackers are in exploiting such bugs to hijack WebLogic servers, which they could then use for cryptomining, ransomware attacks, and data breaches.

Oracle Patched The Bug Already

When Oracle received the reports of this vulnerability, they released a patch for it with their scheduled April 2020 updates.

However, the exploitation of the bug in the wild suggests that many users have still not updated their systems. Hence, they can easily fall prey to cyber attacks.

Therefore, the vendor has strongly urged all users to install the updates on their respective devices to stay safe.
