This report outlines vulnerabilities in Oracle WebLogic Server disclosed in the Critical Patch Update Advisory released on October 20, 2020. WebLogic Server is a platform for building Java applications either for internal or cloud deployment. Many of the vulnerabilities listed were given a CVSS score of 9.8 out of 10, indicating a high severity. CVE’s (Common Vulnerabilities and Exposures) associated with WebLogic Server in the advisory include CVE-2019-17267, CVE-2020-14882, CVE-2020-14841, CVE-2020-14825, CVE-2020-14859, CVE-2020-14820, CVE-2020-14883, CVE-2020-14757, CVE-2020-11022, and CVE-2020-9488.
Many of the Oracle WebLogic Server vulnerabilities are remotely exploitable without authentication, making them ideal targets for malicious actors that have access to automatic scanning tools and exploits. Attacks have been detected for CVE-2020-14882 via exploit attempts of many security researcher honeypots. This particular vulnerability is for the admin console component of the WebLogic server and would require the console to be accessible to the attacker.
SANS Internet Storm Center has monitored scanning activity for this vulnerability and determined that exposed WebLogic Server vulnerable to these attacks have most likely been compromised. A proof-of-concept exploit has been publicly posted and shared on Twitter for this particular vulnerability, which appears to be the catalyst for the scanning activity.
• 10.3.6.0.0, 220.127.116.11.0, 18.104.22.168.0, 22.214.171.124.0, 126.96.36.199.0
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.