sunhux

<div>
Thanks David.<br><br>if anyone has access to Oracle support login, can post the exact URL to<br>download the out-of-band patch &amp; I'll get colleague to get it from there.<br>Somehow he can't locate it
</div>


Thanks David.

if anyone has access to Oracle support login, can post the exact URL to
download the out-of-band patch & I'll get colleague to get it from there.
Somehow he can't locate it

<div>
<div class="content wysiwyg-content fr-view">
<a href="https://www.oracle.com/security-alerts/alert-cve-2020-14750.html" rel="ugc">https://www.oracle.com/security-alerts/alert-cve-2020-14750.html</a><br><a href="https://www.zdnet.com/article/oracle-publishes-rare-out-of-band-security-update-for-weblogic-servers/" rel="ugc">https://www.zdnet.com/article/oracle-publishes-rare-out-of-band-security-update-for-weblogic-servers/</a><br><br>From the 1st link extracted the line below, which my colleague &amp; I have different understandings:<br>"This CVE-2020-14750 &nbsp;vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update"<br><br>Q1:<br>He believe the patch for CVE-2020-14882 is already built into or bundled into Oct's CPU.<br>My interpretation of the above is CVE-2020-14882 is addressed in Oct's CPU but there's<br>a separate patch (that's out-of-band) for 2020-14750 &nbsp;which I think the 2nd link is alluding<br>to as well?<br><br>Q2:<br><a href="https://www.oracle.com/security-alerts/cpuoct2019.html" rel="ugc">https://www.oracle.com/security-alerts/cpuoct2020.html</a><br>From above url (click Weblogic product), I don't see&nbsp;<span style=" text-align: left;">CVE-2020-14750</span><br><span style=" text-align: left;">being mentioned. &nbsp;Anyone know where to download the patch for it</span><br><span style=" text-align: left;">(assuming it's not part of Oct's CPU)</span>
</div>
</div>



https://www.oracle.com/security-alerts/alert-cve-2020-14750.html
https://www.zdnet.com/article/oracle-publishes-rare-out-of-band-security-update-for-weblogic-servers/
From the 1st link extracted the line below, which my colleague & I have different understandings:
"This CVE-2020-14750  vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update"
Q1:
He believe the patch for CVE-2020-14882 is already built into or bundled into Oct's CPU.
My interpretation of the above is CVE-2020-14882 is addressed in Oct's CPU but there's
a separate patch (that's out-of-band) for 2020-14750  which I think the 2nd link is alluding
to as well?
Q2:
https://www.oracle.com/security-alerts/cpuoct2020.html
From above url (click Weblogic product), I don't see 
CVE-2020-14750
being mentioned.  Anyone know where to download the patch for it
(assuming it's not part of Oct's CPU)

is CVE-2020-14750 patch part of Oct CPU or it's a separate patch &amp; where to download this out-of-band patch for it

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Web applications are systems that run in browsers that perform functions normally associated with other client-based programs. One of the most commonly used web applications is email; instead of downloading individual emails to a local machine, the data is shown through a website. Other examples of web applications are collaborative systems like a wiki or an online game.

Web Applications

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

is CVE-2020-14750 patch part of Oct CPU or it's a separate patch &amp; where to download this out-of-band patch for it

is CVE-2020-14750 patch part of Oct CPU or it's a separate patch & where to download this out-of-band patch for it