Oracle issued an out-of-band security update over the weekend to address a critical remote code execution (RCE) vulnerability impacting multiple Oracle WebLogic Server versions.

CVE-2020-2883 was patched in Oracle's April 2020 Critical Patch Update - but proof of concept exploit code was published shortly after.

Oracle publishes rare out-of-band security update for WebLogic servers Oracle releases additional fix to patch a bug for the second time after the publication of proof-of-concept exploit code.

For the new release of its WebLogic, Oracle has tailored the enterprise Java application server so that it can be used more easily in cloud deployments.

In June 2019, Oracle said that a critical remote code-execution flaw in its WebLogic Server (CVE-2019-2729) was being actively exploited in the wild.

Oracle warns of attacks against recently patched WebLogic security bug Oracle patched the bug last month but attacks began after proof-of-concept code was published on GitHub.