The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn. The exploit attempts on the honeypots so far originate from four IP addresses: 114243.211.182, 139162.162.228, 185225.225.19.240 and 8417.37.239. The exploits appear to be based on a Wednesday blog post published (in Vietnamese) by Jang) who described how to leverage the flaw to achieve remote code execution via only one GET request.
Source: https://threatpost.com/oracle-weblogic-server-rce-flaw-attack/160723/