Oracle is urging users to apply patches it released last month as part of its quarterly Critical Patch Update. Oracle says it has learned that several of the patched flaws are being actively exploited. One of those, CVE-2020-2883, is a critical remote code execution flaw in WebLogic Server.
A PoC exploit was released the day after the patch. Oracle only discovering now that this vulnerability is being actively exploited is a bit late. If you haven’t patched yet, your first call should be your incident response team. Unless they are quite skilled, they will find a crypto coin miner, and call it a day, leaving the actual compromise undetected. You may want to read up on ransomware as this is probably what will hit you next.
The failure to "patch" in a timely manner demonstrates that the strategy of placing responsibility for the quality of software on the end user is not merely expensive but ineffective.
Read more in:
– blogs.oracle.com: Customers should apply the April 2020 Critical Patch Update without delay!
– www.zdnet.com: Oracle warns of attacks against recently patched WebLogic security bug
– threatpost.com: Oracle: Unpatched Versions of WebLogic App Server Under Active Attack