Critical Vulnerability in Oracle WebLogic Exploited in the...

Critical Vulnerability in Oracle WebLogic Exploited in the Wild (CVE-2020-14882)

On October 21, Oracle published its quarterly Critical Patch Update (CPU), which addressed 230 vulnerabilities across 402 security patches, including several fixes for flaws in Oracle WebLogic Server.

On October 29, SANS Internet Storm Center (ISC) published a post detailing active exploitation of CVE-2020-14882, one of the Oracle WebLogic Server vulnerabilities patched last week. The vulnerability exists in the Console component of Oracle WebLogic Server. It was assigned a CVSSv3 score of 9.8 out of 10. Details about this particular vulnerability were published by a security researcher named Jang, who is credited with discovering previous flaws in Oracle WebLogic Server.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

Critical Vulnerability in Oracle WebLogic Exploited in the...

Recent Discussions

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Microsoft Patch Tuesday 2025 Year in Review

Americas

Europe

Asia / Australia