sunhux
asked on
is CVE-2020-14750 patch part of Oct CPU or it's a separate patch & where to download this out-of-band patch for it
https://www.oracle.com/security-alerts/alert-cve-2020-14750.html
https://www.zdnet.com/article/oracle-publishes-rare-out-of-band-security-update-for-weblogic-servers/
From the 1st link extracted the line below, which my colleague & I have different understandings:
"This CVE-2020-14750 vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update"
Q1:
He believe the patch for CVE-2020-14882 is already built into or bundled into Oct's CPU.
My interpretation of the above is CVE-2020-14882 is addressed in Oct's CPU but there's
a separate patch (that's out-of-band) for 2020-14750 which I think the 2nd link is alluding
to as well?
Q2:
https://www.oracle.com/security-alerts/cpuoct2020.html
From above url (click Weblogic product), I don't see CVE-2020-14750
being mentioned. Anyone know where to download the patch for it
(assuming it's not part of Oct's CPU)
https://www.zdnet.com/article/oracle-publishes-rare-out-of-band-security-update-for-weblogic-servers/
From the 1st link extracted the line below, which my colleague & I have different understandings:
"This CVE-2020-14750 vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update"
Q1:
He believe the patch for CVE-2020-14882 is already built into or bundled into Oct's CPU.
My interpretation of the above is CVE-2020-14882 is addressed in Oct's CPU but there's
a separate patch (that's out-of-band) for 2020-14750 which I think the 2nd link is alluding
to as well?
Q2:
https://www.oracle.com/security-alerts/cpuoct2020.html
From above url (click Weblogic product), I don't see CVE-2020-14750
being mentioned. Anyone know where to download the patch for it
(assuming it's not part of Oct's CPU)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok noted
ASKER
if anyone has access to Oracle support login, can post the exact URL to
download the out-of-band patch & I'll get colleague to get it from there.
Somehow he can't locate it