In April, within the monthly Critical Patch Update Advisory addressing hundreds of vulnerabilities, Oracle released an update about a critical vulnerability affecting WebLogic Server. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. This bug, assigned with CVE-2020-2883, is now being reported by Oracle as being actively exploited in the wild.
Lien vers l'article source