Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Protect assets from ransomware, trojans, rootkits and more.
Intelligence and visibility across AWS, O365, DevOps and more.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Join Tiff Cook, eSentire's Sr. Director of Incident Response and Bill…
eSentire will be participating in ILTA LegalSEC Summit.
Join eSentire as they explore how to build a comprehensive training and…
Technical details of the Oracle Remote Code Execution (RCE) vulnerability CVE-2020-14882 were publicly released on October 28, 2020 . This vulnerability affects multiple versions of the Oracle WebLogic Server. Exploitation of CVE-2020-14882 is considered trivial and can result in the full takeover of vulnerable Oracle WebLogic Servers.
eSentire assesses with high confidence that public exploitation of CVE-2020-14882 by threat actors is imminent. Organizations are strongly recommended to apply the official security patches as soon as possible.
What we’re doing about it
What you should do about it
CVE-2020-14882 received a base criticality rating of 9.8 out of 10.
The vulnerability resides in the Oracle WebLogic Server product of Oracle Fusion Middleware. In order to exploit CVE-2020-14882, a threat actor requires network access via HTTP. Exploitation is achieved via a malicious POST request.
In the October Oracle patch on October 21st, multiple other critical vulnerabilities were released. Other vulnerabilities of specific note include CVE-2020-14841, CVE-2020-14825, and CVE-202014859. Organizations are recommended to ensure that all Oracle systems are up to date with the most recent security updates.
Affected Oracle Versions: