← back
CVE-2020-14883

CVE-2020-14883

CVSS 7.2 HIGHEPSS 97.9%● KEV
In short

A vulnerability in Oracle WebLogic Server's administrative console allows an attacker with high-level privileges to take complete control of the server through the network, compromising all its data and functionality.

Technical detail

An easily exploitable vulnerability in Oracle WebLogic Server Console (versions 10.3.6, 12.1.3, 12.2.1.3, 12.2.1.4, 14.1.1) requires high privilege credentials and network access via HTTP to achieve unauthenticated remote code execution or administrative takeover. The attack has no user interaction requirement and results in complete compromise of confidentiality, integrity, and availability (CVSS 7.2).

Summary generated and translated by AI from the official description.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Oracle Corporation · WebLogic Server
public PoCs found7
githubgithub.com/1n7erface/PocList1077githubgithub.com/murataydemir/CVE-2020-1488313githubgithub.com/B1anda0/CVE-2020-148837githubgithub.com/fan1029/CVE-2020-14883EXP5githubgithub.com/Osyanina/westone-CVE-2020-14883-scanner0githubgithub.com/amacloudobia/CVE-2020-148830cve_referencepacketstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14883https://www.oracle.com/security-alerts/cpuoct2020.html