As part of the April 2020 Critical Patch Update, Oracle has patched the vulnerability, fixing over 405 vulnerabilities, including CVE-2020-2883.

# WebLogic Flaw – CVE-2020-2883

The bug allows attackers to execute arbitrary code without authentication on the affected versions of Oracle WebLogic. The vulnerability lies in Oracle's proprietary T3 protocol and can be triggered by a T3 protocol message with crafted data, the ZDI advisory reads. An attacker can use the vulnerability to execute code in the context of the current process.

A security researcher noted that the vulnerability is being exploited and has been published on GitHub with a valid proof-of-concept file. This exploit includes the CVE-2020-2546, CVE-2020-2915, CVE-2020-2801, CVE-2020-398, CVE-2020-2883, CVE-2020-2884, and CVE-2020-2950 vulnerabilities. This vulnerability is not included. Attackers can abuse the vulnerability to breach corporate networks and install malware.

Oracle highly recommends the April 2020 Critical Patch Update, which includes 405 new security updates. WebLogic Server vulnerabilities are not rare; threat actors exploit Oracle WebLogic vulnerabilities to install ransomware and crypto miners.