Oracle Security Alert for CVE-2020-14750 was released on November 1, 2020. Oracle strongly recommends that customers follow the recommended actions noted in the Security Alert.

This Security Alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The Security Alert Advisory is the starting point for relevant information. It includes a summary of the security vulnerability, and a pointer to obtain the latest patches. Supported products that are not listed in the “Affected Products and Versions” section of the advisory do not require new patches to be applied.

Also, it is essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Advisory is available at the following location:

• Oracle Critical Patch Updates and Security Alerts
• Oracle Security Alert for CVE-2020-14750