critical
9.8
Advisory Published
Updated

CVE-2020-2801

First published: Wed Apr 15 2020(Updated: )

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. Note: The patch for this issue will address the vulnerability only if the WLS instance is using JDK 1.7.0_191 or later, or JDK 1.8.0_181 or later. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Credit: secalert_us@oracle.com

Affected SoftwareAffected VersionHow to fix
Oracle WebLogic Server=10.3.6.0.0
Oracle WebLogic Server=12.1.3.0.0
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0
Oracle JDK 6=1.7.0-update191
Oracle JDK 6=1.7.0-update191_b31
Oracle JDK 6=1.7.0-update191_b32
Oracle JDK 6=1.7.0-update2
Oracle JDK 6=1.7.0-update201
Oracle JDK 6=1.7.0-update201_b31
Oracle JDK 6=1.7.0-update21
Oracle JDK 6=1.7.0-update21_b31
Oracle JDK 6=1.7.0-update211
Oracle JDK 6=1.7.0-update211_b31
Oracle JDK 6=1.7.0-update211_b32
Oracle JDK 6=1.7.0-update221
Oracle JDK 6=1.7.0-update221_b31
Oracle JDK 6=1.7.0-update221_b32
Oracle JDK 6=1.7.0-update221_b34
Oracle JDK 6=1.7.0-update221_b35
Oracle JDK 6=1.7.0-update231
Oracle JDK 6=1.7.0-update231_b32
Oracle JDK 6=1.7.0-update241
Oracle JDK 6=1.7.0-update241_b31
Oracle JDK 6=1.7.0-update25
Oracle JDK 6=1.7.0-update25_b33
Oracle JDK 6=1.7.0-update25_b34
Oracle JDK 6=1.7.0-update25_b35
Oracle JDK 6=1.7.0-update251
Oracle JDK 6=1.7.0-update261
Oracle JDK 6=1.7.0-update271
Oracle JDK 6=1.7.0-update271_b31
Oracle JDK 6=1.7.0-update281
Oracle JDK 6=1.7.0-update281_b32
Oracle JDK 6=1.7.0-update281_b33
Oracle JDK 6=1.7.0-update291
Oracle JDK 6=1.7.0-update291_b31
Oracle JDK 6=1.7.0-update291_b32
Oracle JDK 6=1.7.0-update3
Oracle JDK 6=1.7.0-update301
Oracle JDK 6=1.7.0-update301_b31
Oracle JDK 6=1.7.0-update311_b31
Oracle JDK 6=1.7.0-update321
Oracle JDK 6=1.7.0-update321_b31
Oracle JDK 6=1.7.0-update331
Oracle JDK 6=1.7.0-update341
Oracle JDK 6=1.7.0-update341_b31
Oracle JDK 6=1.7.0-update343
Oracle JDK 6=1.7.0-update343_b31
Oracle JDK 6=1.7.0-update4
Oracle JDK 6=1.7.0-update40
Oracle JDK 6=1.7.0-update45
Oracle JDK 6=1.7.0-update45_b31
Oracle JDK 6=1.7.0-update45_b32
Oracle JDK 6=1.7.0-update45_b33
Oracle JDK 6=1.7.0-update45_b34
Oracle JDK 6=1.7.0-update5
Oracle JDK 6=1.7.0-update51
Oracle JDK 6=1.7.0-update51_b31
Oracle JDK 6=1.7.0-update51_b32
Oracle JDK 6=1.7.0-update51_b33
Oracle JDK 6=1.7.0-update55
Oracle JDK 6=1.7.0-update55_b31
Oracle JDK 6=1.7.0-update55_b32
Oracle JDK 6=1.7.0-update55_b33
Oracle JDK 6=1.7.0-update55_b35
Oracle JDK 6=1.7.0-update6
Oracle JDK 6=1.7.0-update60
Oracle JDK 6=1.7.0-update60_b32
Oracle JDK 6=1.7.0-update60_b33
Oracle JDK 6=1.7.0-update65
Oracle JDK 6=1.7.0-update65_b33
Oracle JDK 6=1.7.0-update67
Oracle JDK 6=1.7.0-update67_b31
Oracle JDK 6=1.7.0-update67_b34
Oracle JDK 6=1.7.0-update7
Oracle JDK 6=1.7.0-update7_b32
Oracle JDK 6=1.7.0-update71
Oracle JDK 6=1.7.0-update72
Oracle JDK 6=1.7.0-update72_b31
Oracle JDK 6=1.7.0-update72_b32
Oracle JDK 6=1.7.0-update72_b33
Oracle JDK 6=1.7.0-update75
Oracle JDK 6=1.7.0-update76
Oracle JDK 6=1.7.0-update76_b32
Oracle JDK 6=1.7.0-update76_b33
Oracle JDK 6=1.7.0-update76_b34
Oracle JDK 6=1.7.0-update76_b35
Oracle JDK 6=1.7.0-update76_b36
Oracle JDK 6=1.7.0-update76_b37
Oracle JDK 6=1.7.0-update76_b38
Oracle JDK 6=1.7.0-update79
Oracle JDK 6=1.7.0-update80
Oracle JDK 6=1.7.0-update80_b33
Oracle JDK 6=1.7.0-update80_b35
Oracle JDK 6=1.7.0-update85
Oracle JDK 6=1.7.0-update85_b31
Oracle JDK 6=1.7.0-update85_b33
Oracle JDK 6=1.7.0-update85_b34
Oracle JDK 6=1.7.0-update9
Oracle JDK 6=1.7.0-update9_b31
Oracle JDK 6=1.7.0-update9_b32
Oracle JDK 6=1.7.0-update91
Oracle JDK 6=1.7.0-update91_b17
Oracle JDK 6=1.7.0-update91_b32
Oracle JDK 6=1.7.0-update91_b33
Oracle JDK 6=1.7.0-update95
Oracle JDK 6=1.7.0-update95_b13
Oracle JDK 6=1.7.0-update95_b31
Oracle JDK 6=1.7.0-update95_b32
Oracle JDK 6=1.7.0-update97
Oracle JDK 6=1.7.0-update97_b31
Oracle JDK 6=1.7.0-update97_b32
Oracle JDK 6=1.7.0-update97_b33
Oracle JDK 6=1.7.0-update99
Oracle JDK 6=1.7.0-update99_b31
Oracle JDK 6=1.8.0-update181
Oracle JDK 6=1.8.0-update182
Oracle JDK 6=1.8.0-update191
Oracle JDK 6=1.8.0-update192
Oracle JDK 6=1.8.0-update20
Oracle JDK 6=1.8.0-update201
Oracle JDK 6=1.8.0-update202
Oracle JDK 6=1.8.0-update211
Oracle JDK 6=1.8.0-update212
Oracle JDK 6=1.8.0-update221
Oracle JDK 6=1.8.0-update231
Oracle JDK 6=1.8.0-update241
Oracle JDK 6=1.8.0-update25
Oracle JDK 6=1.8.0-update251
Oracle JDK 6=1.8.0-update252
Oracle JDK 6=1.8.0-update261
Oracle JDK 6=1.8.0-update271
Oracle JDK 6=1.8.0-update281
Oracle JDK 6=1.8.0-update291
Oracle JDK 6=1.8.0-update301
Oracle JDK 6=1.8.0-update31
Oracle JDK 6=1.8.0-update311
Oracle JDK 6=1.8.0-update321
Oracle JDK 6=1.8.0-update331
Oracle JDK 6=1.8.0-update333
Oracle JDK 6=1.8.0-update341
Oracle JDK 6=1.8.0-update345
Oracle JDK 6=1.8.0-update40
Oracle JDK 6=1.8.0-update45
Oracle JDK 6=1.8.0-update5
Oracle JDK 6=1.8.0-update51
Oracle JDK 6=1.8.0-update6
Oracle JDK 6=1.8.0-update60
Oracle JDK 6=1.8.0-update65
Oracle JDK 6=1.8.0-update66
Oracle JDK 6=1.8.0-update71
Oracle JDK 6=1.8.0-update72
Oracle JDK 6=1.8.0-update73
Oracle JDK 6=1.8.0-update74
Oracle JDK 6=1.8.0-update77
Oracle JDK 6=1.8.0-update91
Oracle JDK 6=1.8.0-update92

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-2801?

    CVE-2020-2801 is classified as a critical vulnerability.

  • How do I fix CVE-2020-2801?

    To remediate CVE-2020-2801, apply the latest security patches provided by Oracle for the affected versions of WebLogic Server.

  • Which versions of Oracle WebLogic Server are affected by CVE-2020-2801?

    CVE-2020-2801 affects Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0.

  • Can CVE-2020-2801 be exploited remotely?

    Yes, CVE-2020-2801 is easily exploitable by unauthenticated attackers with network access via IIOP or T3.

  • What type of vulnerability is CVE-2020-2801?

    CVE-2020-2801 is a code execution vulnerability that allows attackers to compromise the affected system.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203