As part of the April 2020 Critical Patch Update, Oracle has patched the vulnerability; the update fixes over 405 vulnerabilities, including CVE-2020-2883.
# WebLogic Flaw – CVE-2020-2883
The bug allows attackers to execute arbitrary code without authentication on the affected versions of Oracle WebLogic. The vulnerability lies in Oracle's proprietary T3 protocol and can be triggered by crafted data in a T3 protocol message, according to the ZDI advisory. An attacker can exploit the vulnerability to run code in the current process.

A security researcher believes the vulnerability is being exploited and has published working proof-of-concept code on GitHub. This exploit includes the vulnerabilities CVE-2020-2546, CVE-2020-2915, CVE-2020-2801, CVE-2020-398, CVE-2020-2883, CVE-2020-2884 and CVE-2020-2950. This vulnerability is not included. Attackers can abuse the vulnerability to breach corporate networks and install malware.

Oracle strongly recommends applying the April 2020 Critical Patch Update, which includes 405 new security patches. WebLogic Server vulnerabilities are not rare; threat actors exploit Oracle WebLogic vulnerabilities to install ransomware and crypto miners.