The vulnerability leveraged in the attacks is CVE-2020-14882 with a severity rating 9.8 out of 10. Honeypots set up by the SANS Technology Institute caught the attacks shortly after exploit code for the vulnerability emerged in the public space. Vulnerable versions of Oracle WebLogic Server are 10.6.0, 12.1.3.0 to 12.2.1. The vulnerability is based on technical details in a blog post (Vietnamese) published yesterday by security researcher.
Source: https://www.bleepingcomputer.com/news/security/critical-oracle-weblogic-flaw-actively-targeted-in-attacks/