CVE-2020-14750 - Oracle WebLogic Server ~ Dirk Nachbar: This Blog is discontinued, its only read-only

Monday, November 2, 2020

CVE-2020-14750 - Oracle WebLogic Server

Posted by Dirk Nachbar on Monday, November 02, 2020

Today on 2nd November 2020 Oracle released overlay patches for the CVE-2020-14750 (https://www.oracle.com/security-alerts/alert-cve-2020-14750.html).

This CVE-2020-14750 got a score of 9.8 out of 10. According to SANS ISC InfoSec the exploitation of this vulnerability is really trivial, see https://isc.sans.edu/forums/diary/PATCH+NOW+CVE202014882+Weblogic+Actively+Exploited+Against+Honeypots/26734/

Oracle released already overlay patches, which needs to be applied over an already patched Oracle WebLogic Server with the CPU October 2020.

Following Oracle WebLogic released are affected (https://support.oracle.com/epmos/faces/DocContentDisplay?id=2724951.1):

Oracle WebLogic Server 10.3.6

WLS PATCH SET UPDATE 10.3.6.0.201020, Patch 31641257 (https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=31641257)
Overlay Patch 32097188 for CVE-2020-14750 https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=32097188

Oracle WebLogic Server 12.1.3

WLS PATCH SET UPDATE 12.1.3.0.201020, Patch 31656851 https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=31656851
Overlay Patch 32097177 for CVE-2020-14750 https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=32097177

Oracle WebLogic Server 12.2.1.3

WLS PATCH SET UPDATE 12.2.1.3.201001, Patch 31961038 https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=31961038
Overlay Patch 32097173 for CVE-2020-14750 https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=32097173

Oracle WebLogic Server 12.2.1.4

WLS PATCH SET UPDATE 12.2.1.4.201001, Patch 31960985 https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=31960985
Overlay Patch 32097167 for CVE-2020-14750 https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=32097167

Oracle WebLogic Server 14.1.1

WLS PATCH SET UPDATE 14.1.1.0.200930, Patch 31957062 https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=31957062
Overlay Patch 32097180 for CVE-2020-14750 https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=32097180

It's strongly recommended to apply this overlay patch to your Oracle WebLogic Server environments.

Categories: CPU Patches, Oracle, Oracle WebLogic Server, Oracle WebLogic Server 12c, Oracle WebLogic Server 14c