CVE-2020-14882: Oracle WebLogic Server Remote Code Execution Vulnerability
First published: Wed Oct 21 2020(Updated: )
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =10.3.6.0.0 | |
| Oracle WebLogic Server | =12.1.3.0.0 | |
| Oracle WebLogic Server | =12.2.1.3.0 | |
| Oracle WebLogic Server | =12.2.1.4.0 | |
| Oracle WebLogic Server | =14.1.1.0.0 | |
| Oracle WebLogic Server | ||
| =10.3.6.0.0 | ||
| =12.1.3.0.0 | ||
| =12.2.1.3.0 | ||
| =12.2.1.4.0 | ||
| =14.1.1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/161128/Oracle-WebLogic-Server-12.2.1.0-Remote-Code-Execution.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-14882
Frequently Asked Questions
What is the severity of CVE-2020-14882?
The severity of CVE-2020-14882 is critical with a CVSS score of 9.8.
Which versions of Oracle WebLogic Server are affected by CVE-2020-14882?
The affected versions of Oracle WebLogic Server are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.
What is the vulnerability description of CVE-2020-14882?
CVE-2020-14882 is a vulnerability in the Oracle WebLogic Server product that allows for remote code execution. An unauthenticated attacker with network access via HTTP can exploit this vulnerability.
Is there a fix for CVE-2020-14882?
Yes, Oracle has released security patches to address the vulnerability. It is recommended to update to the latest version of the affected software.
Where can I find more information about CVE-2020-14882?
You can find more information about CVE-2020-14882 on the following websites: [link 1](http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html), [link 2](http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html), [link 3](http://packetstormsecurity.com/files/161128/Oracle-WebLogic-Server-12.2.1.0-Remote-Code-Execution.html).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/description
- agent/title
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/event
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/oracle
- canonical/oracle weblogic server
- version/oracle weblogic server/10.3.6.0.0
- version/oracle weblogic server/12.1.3.0.0
- version/oracle weblogic server/12.2.1.3.0
- version/oracle weblogic server/12.2.1.4.0
- version/oracle weblogic server/14.1.1.0.0