Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Severity:

Critical

Summary

Invicti identified the Oracle WebLogic Remote Code Execution (CVE-2020-14882) in the target web server.

Impact

The vulnerability allows attackers to execute arbitrary Java code on the target system. The attacker may also be able to execute arbitrary system commands.

Exploit of the vulnerability is known widely and should be addressed as soon as possible.

Remediation

In order to patch this vulnerability, please install the official patch Oracle made available for supported, vulnerable instances.

Required Skills for Successful Exploitation

Actions To Take

Classifications

PCI v3.2-6.5.1

CAPEC-242

CWE-94

HIPAA-164.306(a), 164.308(a)

ISO27001-A.14.2.5

OWASP 2013-A1

OWASP 2017-A1

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Out of Band Code Execution via SSTI

Jetty Web Server Identified

Version Disclosure (Mongrel Web Server)

Version Disclosure (Modernizr)

Progress MOVEit Transfer SQL Injection

Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.