Oracle WebLogic Authentication Bypass (CVE-2020-14883)

Severity: High

Summary#

Invicti identified the Oracle WebLogic Authentication Bypass (CVE-2020-14883) in the target web server.

Impact#

An attacker can bypass authentication and gain access to the vulnerable WebLogic instance. Due to the high privileges acquired, an attacker can carry out any administrative action and take complete control over the application.

Exploit of the vulnerability is known widely and should be addressed as soon as possible.

Remediation#

In order to patch this vulnerability, please install the official patch Oracle made available for supported, vulnerable instances.

Classifications#

OWASP 2017-A2, CWE-288, OWASP 2013-A2, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Oracle WebLogic Authentication Bypass (CVE-2020-14883)

Related Articles

Build your resistance to threats. And save hundreds of hours each month.