Oracle publishes rare out-of-band security update for WebLogic servers Oracle releases additional fix to patch a bug for the second time after the publication of proof-of-concept exploit code.

Attackers use zero-day to deploy new Sodinokibi ransomware strain on unpatched Oracle WebLogic servers.

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution (RCE) vulnerability impacting multiple Oracle WebLogic Server versions.

Oracle WebLogic is a Java application server and it’s used by many businesses to build and deploy enterprise applications. Its popularity and widespread use has made it a target in the past.

In June 2019, Oracle said that a critical remote code-execution flaw in its WebLogic Server (CVE-2019-2729) was being actively exploited in the wild.

CVE-2020-2883 was patched in Oracle's April 2020 Critical Patch Update - but proof of concept exploit code was published shortly after.

For the new release of its WebLogic, Oracle has tailored the enterprise Java application server so that it can be used more easily in cloud deployments.