Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Oracle Says Hackers Targeting Recently Patched Vulnerabilities

Oracle warned customers on Thursday that threat actors have been spotted attempting to exploit multiple recently patched vulnerabilities, including a critical WebLogic Server flaw tracked as CVE-2020-2883.

Oracle warned customers on Thursday that threat actors have been spotted attempting to exploit multiple recently patched vulnerabilities, including a critical WebLogic Server flaw tracked as CVE-2020-2883.

Eric Maurice, director of security assurance at Oracle, said the company had received “reports of attempts to maliciously exploit a number of recently-patched vulnerabilities.” He only mentioned CVE-2020-2883, but advised customers to install the latest patches as soon as possible.

Oracle’s April 2020 Critical Patch Update (CPU) resolves nearly 400 vulnerabilities, including CVE-2020-2883, a critical flaw in Oracle WebLogic Server that can be exploited by an unauthenticated attacker for remote code execution.

Oracle has credited several people for independently reporting this vulnerability, including Bui Duong from Viettel Cyber Security, Jang of VNPT ISC, Kaki King, lufei from Qi An Xin Group, and Quynh Le of VNPT ISC.

Quynh Le reported his findings to Oracle through Trend Micro’s Zero Day Initiative (ZDI), which recently published advisories describing two variants of CVE-2020-2883 identified by the researcher in February and March.

“The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can trigger the deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process,” ZDI’s advisory reveals.

CVE-2020-2883 is one of the several WebLogic Server vulnerabilities for which a researcher claims to have published proof-of-concept (PoC) code.

It’s not uncommon for malicious actors to exploit Oracle WebLogic vulnerabilities in their attacks, in some cases even before a patch is released by Oracle.

Related: New Sodinokibi Ransomware Delivered via Oracle WebLogic Flaw

Related: Critical Oracle WebLogic Vulnerability Exploited in Attacks

Related: Hackers Target Poorly Patched Oracle WebLogic Flaw

Related: Muhstik Botnet Exploits Recent Oracle WebLogic Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.