Published on: 21 October 2020
Last update on: 04 November 2020
Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products. The list of security updates can be found at:
https://www.oracle.com/security-alerts/cpuoct2020.html
Oracle has released an out-of-band security update to address another remote code execution vulnerability (CVE-2020-14750) in Oracle WebLogic Server. Proof-of-concept (PoC) code exploiting CVE-2020-14750 is publicly available. System administrators are advised to apply the latest security patch on the affected systems immediately to mitigate the elevated risk of cyber attacks.
Reports indicate that active exploitation of a critical remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server has been observed. In view of the elevated risk of cyber attacks, system administrators should accord priority to patching this particular vulnerability immediately.
Before the patch can be applied, system administrators should ensure that the admin portal (TCP port 7001 by default) is not exposed to the Internet and keep blocking access to the admin portal from untrusted networks, review application logs for suspicious HTTP requests to the admin portal console, including the double-encoded path traversal sequence ‘%252E%252E%252F’, and monitor for any suspicious processes created by an application.
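The log review described above can be automated. The following is an added example, not part of the original advisory or any Oracle tooling: it percent-decodes each request path repeatedly and reports console requests in which a traversal sequence only appears after decoding. The access log format, the `/console` prefix and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
CONSOLE_PREFIX = "/console"  # assumption: context path of the admin console
MAX_ROUNDS = 5               # cap on decoding passes per request

# Constructed sample entries (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Oct/2020:10:01:02 +0800] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3456',
    '203.0.113.7 - - [30/Oct/2020:10:01:09 +0800] "GET /console/static/%252E%252E%252Fplaceholder HTTP/1.1" 200 812',
    '203.0.113.7 - - [30/Oct/2020:10:01:11 +0800] "POST /console/static/%252e%252e%252fplaceholder HTTP/1.1" 200 812',
    '198.51.100.4 - - [30/Oct/2020:10:02:30 +0800] "GET /app/report%2520name.pdf HTTP/1.1" 200 9001',
    '198.51.100.9 - - [30/Oct/2020:10:03:00 +0800] "GET /console/%2E%2E%2Fplaceholder HTTP/1.1" 404 120',
]

def traversal_depth(target):
    """Return (passes, path): number of percent-decoding passes after which
    '../' or '..\\' shows up in the path (0 = literal), or None if never."""
    path = target.split("?", 1)[0]
    for passes in range(MAX_ROUNDS + 1):
        if "../" in path or "..\\" in path:
            return passes, path
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return None, path

def scan(lines):
    """Flag console requests whose path hides a traversal behind encoding."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        passes, path = traversal_depth(m.group("target"))
        if passes is None or not path.lower().startswith(CONSOLE_PREFIX):
            continue
        # Two or more passes means the sequence was double-encoded or deeper.
        severity = "high" if passes >= 2 else "review"
        findings.append((lineno, passes, severity, m.group("target")))
    return findings

if __name__ == "__main__":
    for lineno, passes, severity, target in scan(SAMPLE_LOG):
        print(f"line {lineno}: {severity} ({passes} decoding passes): {target}")
```

Decoding before matching catches lower-case and mixed-case hex variants that a literal search for ‘%252E%252E%252F’ would miss, while double-encoded characters that are not part of a traversal (such as `%2520`) are not flagged.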
A complete list of the affected products can be found at:
https://www.oracle.com/security-alerts/cpuoct2020.html
Depending on the vulnerability exploited, a successful attack could lead to denial of service, data tampering, information disclosure, system crash or compromise of a vulnerable system.
Patches for affected systems are available. Users of the affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
For Oracle Java SE products, please refer to the following link:
https://www.oracle.com/java/technologies/javase-downloads.html
For OpenJDK, please refer to the following link:
https://jdk.java.net
Users can also refer to the security advisory below for information about the security updates for other Oracle products:
https://www.oracle.com/security-alerts/cpuoct2020.html
Users may contact their product support vendors for the fixes and assistance.