CVE-2020-14882.md
#### 18-09-2024

**1. Description:**

- **Brief Summary:** Vulnerability in the <mark style="background: #FF5582A6;">Oracle WebLogic Server</mark> product of Oracle Fusion Middleware (component: Console). Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to <mark style="background: #FF5582A6;">compromise Oracle WebLogic Server</mark>. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
- **Technical Details:** [[CVE-2020-14882]] is an authentication bypass in the Console component of Oracle WebLogic Server. The console's access control is evaluated against the raw request path, while the servlet that serves console pages resolves URL-encoded path-traversal sequences, so an unauthenticated HTTP request that traverses out of a static console directory can reach pages that should require an admin session. Chained with CVE-2020-14883 (a separate flaw that lets a console user execute arbitrary code), this yields unauthenticated <mark style="background: #FF5582A6;">remote code execution (RCE)</mark> as the WebLogic process. Exploitation in the wild was reported shortly after the fix shipped in the October 2020 Critical Patch Update.
- **Severity Score:**
  - **CVSS v3.1 Base Score:** 9.8
  - **CVSS v3.1 Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **Affected Software/Versions:** Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0

**2. Vulnerability Analysis:**

- **Impact:**
  - Remote Code Execution (RCE)
- **Remediation:** [Patch](https://support.oracle.com/rs?type=doc&id=2724951.1) (October 2020 Critical Patch Update). Interim mitigation: block access to `/console` from untrusted networks or disable the administration console; this reduces exposure but is not a substitute for the patch.

**3. References:**

- **Official CVE Entry:** [Yes](https://nvd.nist.gov/vuln/detail/CVE-2020-14882)
- **Vendor Advisory:** [Oracle Critical Patch Update Advisory - October 2020](https://www.oracle.com/security-alerts/cpuoct2020.html)
- **Third-Party Analyses:**
  - [tenable](https://www.tenable.com/blog/cve-2020-14882-oracle-weblogic-remote-code-execution-vulnerability-exploited-in-the-wild)
  - [rapid7](https://www.rapid7.com/blog/post/2020/10/29/oracle-weblogic-unauthenticated-complete-takeover-cve-2020-14882-what-you-need-to-know/)
- **POC**: [Yes](https://github.com/jas502n/CVE-2020-14882)
- **Other Relevant Resources:** [Python POC](https://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html)

**4. Notes (Optional):**

- **Additional Information:** n/a
- **Timeline:** n/a
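The bypass described above leaves a recognisable trace in web access logs: a request under `/console/` whose path is double-URL-encoded (`%252e%252e%252f`), or that, once decoded, traverses out of a static console directory (such as `images/` or `css/`) into `console.portal`. The following is an added example of detection logic for those indicators, not code from the original note or from any of the referenced advisories. The log lines are constructed in Combined Log Format for illustration; the indicator strings are the publicly documented traversal pattern, and the reason labels are this example's own names.

```python
"""Flag CVE-2020-14882-style console traversal requests in web access logs.

Two indicators are checked per request:
  1. the /console/ path still contains an encoded '.' or '/' after ONE
     URL-decode (double encoding, the published bypass form), or
  2. the fully decoded path traverses ('../') out of a /console/ sub-directory
     into console.portal (single-encoded or plain variants, seen as probing).
"""
import re
from urllib.parse import unquote

# Constructed sample lines (not real traffic); line 2 and 3 are the attack shape.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Oct/2020:10:01:02 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
10.0.0.9 - - [29/Oct/2020:10:01:07 +0000] "GET /console/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=HomePage1 HTTP/1.1" 200 5678 "-" "python-requests/2.24"
10.0.0.9 - - [29/Oct/2020:10:01:09 +0000] "POST /console/css/%252e%252e%252fconsole.portal HTTP/1.1" 200 91 "-" "python-requests/2.24"
10.0.0.7 - - [29/Oct/2020:10:02:00 +0000] "GET /console/css/style.css HTTP/1.1" 200 42 "-" "Mozilla/5.0"
10.0.0.8 - - [29/Oct/2020:10:02:30 +0000] "GET /app/images/%2e%2e/index.html HTTP/1.1" 404 0 "-" "curl/7.68"
"""

REASON_DOUBLE_ENCODED = "double-encoded traversal in /console/ path"
REASON_TRAVERSAL = "traversal from static console directory into console.portal"

# Combined Log Format: ip ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Encoded dot or slash that survives a single decode => double-encoded input.
DOUBLE_ENCODED_RE = re.compile(r'%2[ef]', re.IGNORECASE)
# Fully decoded: /console/<subdir>/../...console.portal
TRAVERSAL_RE = re.compile(r'^/console/[^?]*\.\./[^?]*console\.portal', re.IGNORECASE)


def classify_target(target):
    """Return a list of reasons if the request target looks like the bypass, else None."""
    path = target.split('?', 1)[0]
    if not path.lower().startswith('/console/'):
        return None  # only the admin console is in scope for this CVE
    once = unquote(path)    # what WebLogic's auth check effectively sees
    twice = unquote(once)   # what the console servlet ends up resolving
    reasons = []
    if DOUBLE_ENCODED_RE.search(once):
        reasons.append(REASON_DOUBLE_ENCODED)
    if TRAVERSAL_RE.search(twice):
        reasons.append(REASON_TRAVERSAL)
    return reasons or None


def scan_log(text):
    """Parse access-log text and return one hit dict per suspicious request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify_target(m['target'])
        if reasons:
            hits.append({
                'ip': m['ip'],
                'method': m['method'],
                'target': m['target'],
                'status': int(m['status']),  # 200 on console.portal = likely success
                'reasons': reasons,
            })
    return hits


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['method']} {hit['target']} -> {hit['status']} : {', '.join(hit['reasons'])}")
```

A 200 response on the traversed `console.portal` path is the signal to escalate: it means the console served an authenticated page to an unauthenticated client, and the same source should be checked for follow-on requests carrying CVE-2020-14883 payloads in the query string. Single-encoded or plain `../` variants are flagged as well because they indicate scanning even where the server normalises them correctly.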