"Oracle: Unpatched Versions of WebLogic App Server Under Active Attack"
Oracle recently released its April 2020 Critical Patch Update (CPU), which fixed 405 flaws across nearly two dozen product lines, 286 of them remotely exploitable. One of the most serious, CVE-2020-2883, affects Oracle WebLogic Server, a widely used application server for building and deploying enterprise Java EE applications. CVE-2020-2883 is a remote code execution flaw that an unauthenticated attacker with network access to the server's T3 or IIOP listener can exploit to take over an unpatched system. Since the patch shipped, Oracle has received numerous reports that adversaries are still targeting CVE-2020-2883. The attacks succeed not because the fix is ineffective but because some targeted customers have not applied the available Oracle patches. Oracle strongly recommends that customers stay on actively supported versions and apply CPU security patches as soon as they are released, without delay. Until the patch is in place, restricting network access to the T3 and IIOP listeners (WebLogic multiplexes them on its listen port, 7001 by default) to trusted hosts removes the attack path these reports describe.
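The practical question this report raises is which WebLogic instances are still on a base version Oracle lists for CVE-2020-2883 and still expose T3 to the network. The script below is an added example, not code from Threatpost or Oracle: it sends the client side of the T3 handshake that public fingerprinting scripts use (an assumption about the protocol, not taken from the article), parses the server's `HELO:<version>.<flag>` reply, and checks the version against the four base versions in Oracle's April 2020 advisory. The sample banners are constructed, not captured from real hosts, and the `triage()` wording is the example's own. One caveat is built in: applying the April 2020 patch set does not change the base version string, so a match means "confirm the patch level with OPatch", not "vulnerable".

```python
import re
import socket
from dataclasses import dataclass
from typing import Dict, Optional

# Base WebLogic versions Oracle's April 2020 CPU advisory lists for CVE-2020-2883.
AFFECTED_BASE_VERSIONS = {"10.3.6.0.0", "12.1.3.0.0", "12.2.1.3.0", "12.2.1.4.0"}

# Client side of the T3 handshake as used by public fingerprinting scripts
# (assumption: the server answers any reasonable client version with a HELO line).
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"

# Server reply looks like "HELO:12.2.1.4.0.false" followed by AS/HL/MS lines.
HELO_RE = re.compile(r"^HELO:(\d+(?:\.\d+)+)\.(true|false)", re.MULTILINE)


@dataclass
class T3Fingerprint:
    version: str               # normalised to five components, e.g. 10.3.6.0.0
    affected_base_version: bool


def normalize_version(version: str) -> str:
    """Pad a dotted version to five components so 10.3.6.0 matches 10.3.6.0.0."""
    parts = (version.split(".") + ["0"] * 5)[:5]
    return ".".join(parts)


def parse_helo(banner: bytes) -> Optional[T3Fingerprint]:
    """Return a fingerprint from a T3 HELO banner, or None if the reply is not T3."""
    text = banner.decode("ascii", errors="replace")
    match = HELO_RE.search(text)
    if match is None:
        return None  # T3 filtered or disabled, or the port is not WebLogic at all
    version = normalize_version(match.group(1))
    return T3Fingerprint(version, version in AFFECTED_BASE_VERSIONS)


def fingerprint_t3(host: str, port: int = 7001, timeout: float = 5.0) -> Optional[T3Fingerprint]:
    """Live check: connect, send the T3 hello, parse whatever the server answers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(T3_HELLO)
        return parse_helo(sock.recv(1024))


def triage(fp: Optional[T3Fingerprint]) -> str:
    """Turn a fingerprint into the follow-up action an operator should take."""
    if fp is None:
        return "no T3 HELO (T3 filtered/disabled, or not WebLogic)"
    if fp.affected_base_version:
        # The April 2020 patch set leaves the base version unchanged, so this is a
        # "verify the patch is installed" finding, not proof the host is exploitable.
        return (f"base version {fp.version} in CVE-2020-2883 list; "
                "confirm the April 2020 CPU is installed via OPatch lsinventory")
    return f"base version {fp.version} not in CVE-2020-2883 list"


# Constructed sample replies standing in for live servers (not captured from real hosts).
SAMPLE_BANNERS: Dict[str, bytes] = {
    "app-a": b"HELO:12.2.1.4.0.false\nAS:2048\nHL:19\nMS:10000000\n\n",
    "app-b": b"HELO:10.3.6.0.false\nAS:2048\nHL:19\n\n",
    "not-t3": b"HTTP/1.1 400 Bad Request\r\n\r\n",
}


def triage_samples() -> Dict[str, str]:
    """Run the offline triage over the constructed banners."""
    return {name: triage(parse_helo(banner)) for name, banner in SAMPLE_BANNERS.items()}


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{name}: {verdict}")
    # For a live host, uncomment: print(triage(fingerprint_t3("weblogic.example.internal")))
```

Run it against an inventory of listen ports rather than a single host; any target that returns a HELO line at all is reachable over T3 from where you ran the check, which is itself a finding worth acting on while patching is pending.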
Threatpost reports: "Oracle: Unpatched Versions of WebLogic App Server Under Active Attack"