Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. Oracle acquired WebLogic Server when it purchased BEA Systems in 2008. In the Oracle Critical Patch Update Advisory – January 2020, Oracle officially fixed a high-risk vulnerability (CVE-2020-2555) that affect to Oracle Coherence library in Oracle WebLogic Server. Researchers show the vulnerability detail.
- Oracle Coherence 188.8.131.52
- Oracle Coherence 184.108.40.206.0
- Oracle Coherence 220.127.116.11.0
- Oracle Coherence 18.104.22.168.0
Oracle releases the patch to fix this vulnerability. Users should upgrade Oracle Coherence as soon as possible. It is recommended that users using Weblogic turn off or disable the T3 protocol to avoid malicious attacks.