CVE-2020-2884: 
Oracle WebLogic Server vulnerability analysis and mitigation

CVE-2020-2884 is a critical vulnerability in Oracle WebLogic Server's Core component that affects versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0. The vulnerability was discovered by Bui Duong from Viettel Cyber Security and was patched in Oracle's April 2020 Critical Patch Update (Oracle CPU).

This vulnerability allows unauthenticated attackers with network access via IIOP or T3 protocols to compromise Oracle WebLogic Server. The vulnerability is related to the T3 protocol and can be triggered with crafted data in a T3 protocol message, leading to deserialization of untrusted data (GBHackers).

A successful exploitation of this vulnerability can result in complete takeover of Oracle WebLogic Server, potentially allowing attackers to execute arbitrary code on affected systems (Oracle CPU).

Oracle strongly recommends customers to apply the April 2020 Critical Patch Update which addresses this vulnerability along with 404 other security patches. Until patches can be applied, organizations should consider blocking network protocols required for attacks, particularly the T3 and IIOP protocols (Oracle CPU).

Oracle Director of Security Assurance Eric Maurice reported receiving multiple reports of attempts to maliciously exploit several recently-patched vulnerabilities, including CVE-2020-2884. The security community has noted that WebLogic Server vulnerabilities are commonly exploited by threat actors to deploy ransomware and crypto miners (GBHackers).