Vulnerabilities > CVE-2020-14882 - Unspecified vulnerability in Oracle Weblogic Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Related news
- Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882) (source)
- Oracle WebLogic Server RCE Flaw Under Active Attack (source)
- Week in review: Automated pentesting, Oracle WebLogic servers under attack (source)
- Critical bug actively used to deploy Cobalt Strike on Oracle servers (source)
- Critical Oracle WebLogic flaw actively exploited by DarkIRC malware (source)
- Golang Cryptomining Worm Offers 15% Speed Boost (source)
- Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies (source)
- 8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers (source)
References
- https://www.oracle.com/security-alerts/cpuoct2020.html
- http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/161128/Oracle-WebLogic-Server-12.2.1.0-Remote-Code-Execution.html