Oracle released a new warning that a previously patched Weblogic vulnerability CVE-2020-2883 is being exploited in the wild. The company urged organizations should apply April CPUs without delay.
The warning comes nearly two weeks after the Oracle Critical Patch Update (CPU) for April that included 297 vulnerability fixes across multiple products.
“Oracle has recently received reports of attempts to maliciously exploit a number of recently-patched vulnerabilities, including vulnerability CVE-2020-2883, which affects multiple versions of Oracle WebLogic Server,” Eric Maurice, Director of Security Assurance for Oracle said in a recent blog post.
The Weblogic Critical severity vulnerability is one of 52 Fusion Middleware vulnerabilities (13 of them rated Critical) patched last month.
To add, a remote unauthenticated attacker with network access (via T3) could potentially exploit the vulnerability to compromise and take over an impacted Oracle WebLogic Server.
Oracle did not provide any further CVE details on other vulnerabilities under active attack in the recent security update.