Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The vulnerability (CVE-2020-14750) has a CVSS base score of 9.8 out of 10, and is remotely exploitable without authentication (meaning it may be exploited over a network without the need for a username and password) The vulnerability exists in the Console of the Oracle Web Logic Server and can be exploited via the HTTP network protocol. A potential attack has low complexity and no user interaction is required, said Oracle.
Source: https://threatpost.com/oracle-update-weblogic-server-flaw/160889/