CVE-2020-14883

Vulnerability Profile Updated 3 months ago
Download STIX
Preview STIX
CVE-2020-14883 is a vulnerability in the Oracle WebLogic Server, identified as a flaw in software design or implementation. This vulnerability presents a significant security risk, with a CVSS (Common Vulnerability Scoring System) score of 7.2, indicating its severity. Despite being three years old, this vulnerability continues to pose a threat, particularly as it has been exploited by malicious entities for nefarious purposes. The Imperva Threat Research team discovered that the 8220 gang, a group involved in cybercrime, has been exploiting this vulnerability to distribute malware. The group leverages this flaw in the Oracle WebLogic Server to deliver infostealers and cryptominers. Infostealers are designed to steal sensitive information from infected systems, while cryptominers use the resources of compromised systems to mine cryptocurrency, often without the user's knowledge or consent. Earlier in the week, Imperva revealed further details about the activities of the 8220 gang. They found that the gang was not only distributing malware but also using the CVE-2020-14883 vulnerability to deliver cryptocurrency miners. This exploitation of an old vulnerability highlights the importance of regular patching and system updates to protect against such threats. It also underscores the need for ongoing vigilance and threat research to identify and mitigate the risks posed by such vulnerabilities.
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Imperva
Oracle
Vulnerability
Malware
Exploits
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2020-14883 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
7 months ago
Week in review: Terrapin SSH attack, Mr. Cooper breach | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU
7 months ago
Cyber Security Week In Review: December 22, 2023
CERT-EU
7 months ago
Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware
CERT-EU
7 months ago
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers - Help Net Security
CERT-EU
8 months ago
How to Attack and Protect WebLogic Server – Global Security Mag Online
CERT-EU
a year ago
Onapsis Research Labs Advisory: CISA AA23-215A Issued to Highlight the Most Consistently and Frequently Exploited Vulnerabilities in 2022
CISA
a year ago
2022 Top Routinely Exploited Vulnerabilities | CISA