CVE-2020-14750: 
Oracle WebLogic Server vulnerability analysis and mitigation

A critical remote code execution vulnerability (CVE-2020-14750) was discovered in Oracle WebLogic Server's Console component. The vulnerability affects multiple versions including 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. This vulnerability is related to CVE-2020-14882, which was previously addressed in the October 2020 Critical Patch Update (Oracle Alert).

The vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. It has been assigned a CVSS 3.1 Base Score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high impacts on confidentiality, integrity, and availability. The vulnerability is considered easily exploitable and requires no user interaction or special privileges (NVD).

Successful exploitation of this vulnerability can result in complete takeover of Oracle WebLogic Server, potentially leading to unauthorized access, data breach, and system compromise. The critical CVSS score of 9.8 indicates severe potential impacts on system confidentiality, integrity, and availability (Oracle Alert, NVD).

Oracle released security patches for all affected versions of WebLogic Server. Organizations were strongly advised to apply these updates immediately due to the severity of the vulnerability and the availability of exploit code. The patches were made available through Oracle's Security Alert program for products under Premier Support or Extended Support phases (Oracle Alert).