Service Notices
WebLogic Remote Code Execution Vulnerabilities (CVE-2020-2801, CVE-2020-2883, and CVE-2020-2884)
Apr 20, 2020 GMT+08:00
I. Overview
Oracle released its April patch update advisory, disclosing several high-risk vulnerabilities, including three important remote code execution (RCE) vulnerabilities in WebLogic Server (CVE-2020-2801, CVE-2020-2883, and CVE-2020-2884). WebLogic Server enables the T3 protocol by default, and an attacker who can reach the T3 listener can exploit its deserialization vulnerability to execute arbitrary code remotely.
If you are a WebLogic Server user, check your version and implement timely security hardening.
Reference links:
https://www.oracle.com/security-alerts/cpuapr2020.html
II. Severity
Severity: important
(Severity scale: low, moderate, important, critical)
III. Affected Products
Affected Versions:
WebLogic 10.3.6.0.0
WebLogic 12.1.3.0.0
WebLogic 12.2.1.3.0
WebLogic 12.2.1.4.0
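To check an inventory of servers against the affected versions above, the following script is an added example (not code from the notice or from Oracle). It parses the HELO line that a WebLogic T3 listener returns during its handshake (the same line that nmap's weblogic-t3-info script reports) and compares the reported version with the affected list. The banner format "HELO:<version>.<true|false>" and the sample banner are assumptions; a patched server still reports its base version, so a match means "affected release", not "unpatched", and the actual patch level must be confirmed with OPatch on the host.

```python
"""Triage a captured WebLogic T3 HELO banner against the affected versions.

Added example for the notice above; not part of the advisory.
Assumption: the T3 listener answers the handshake with a line of the form
"HELO:<version>.<true|false>" (the trailing flag marks a secure listener).
"""
import re

# Affected versions exactly as listed in the notice.
AFFECTED_VERSIONS = (
    "10.3.6.0.0",
    "12.1.3.0.0",
    "12.2.1.3.0",
    "12.2.1.4.0",
)

# Constructed sample of a T3 handshake response (not captured from a real host).
SAMPLE_BANNER = "HELO:12.2.1.3.0.false\nAS:2048\nHL:19\nMS:10000000\nPN:DOMAIN\n\n"

_HELO_RE = re.compile(r"^HELO:(?P<version>\d+(?:\.\d+)*)\.(?P<secure>true|false)\s*$")


def parse_t3_banner(banner: str):
    """Return (version, secure_flag) from a T3 HELO banner, or None if no HELO line is present."""
    for line in banner.splitlines():
        m = _HELO_RE.match(line.strip())
        if m:
            return m.group("version"), m.group("secure") == "true"
    return None


def normalize(version: str) -> tuple:
    """Pad a dotted version to five numeric components so 12.2.1.3 equals 12.2.1.3.0."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) < 5:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the reported base version is one of the affected releases."""
    v = normalize(version)
    return any(v == normalize(a) for a in AFFECTED_VERSIONS)


def triage(banner: str) -> str:
    """Summarize what the banner tells us about this host."""
    parsed = parse_t3_banner(banner)
    if parsed is None:
        return "no T3 HELO in response: T3 appears disabled or filtered"
    version, _secure = parsed
    if is_affected(version):
        return (f"WebLogic {version} answers T3: affected release, "
                "confirm the April 2020 patch level with OPatch or block T3")
    return f"WebLogic {version} answers T3: not in the affected list, verify patch level separately"


if __name__ == "__main__":
    print(triage(SAMPLE_BANNER))
```

Feed it the banner captured from each server rather than the constructed sample; an empty or non-T3 response after the workaround below has been applied is the expected result.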
IV. Vulnerability Handling
1. Patch upgrade: These vulnerabilities have been fixed in the officially released patch. Use a licensed account to log in to https://support.oracle.com and download the latest patch.
2. Workaround: Disable the T3 protocol to mitigate risks.
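One way to implement this workaround, as an added example that is not from the notice or from Oracle: WebLogic's built-in connection filter (weblogic.security.net.ConnectionFilterImpl, set in the Administration Console under the domain's Security > Filter page) with rules that refuse t3 and t3s from every source except the hosts that must keep using them. Rules use the format `target localAddress localPort action protocols` and are evaluated in order, first match wins; the 10.0.0.5 address is a placeholder for an assumed management host.

```text
10.0.0.5 * * allow t3 t3s
0.0.0.0/0 * * deny t3 t3s
```

Node Manager, clustered managed servers and WLST sessions also use T3, so any host that legitimately needs it must get an allow rule before the final deny, and the ruleset should be tested on a non-production domain first.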
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.