← volver
CVE-2020-14882

CVE-2020-14882

CVSS 9.8 CRITICALEPSS 100.0%● KEV
En resumen

Una falla crítica en la consola de Oracle WebLogic Server permite que atacantes asuman el control completo del servidor sin necesidad de contraseña ni autenticación, simplemente accediendo a través de internet.

Detalle técnico

Vulnerabilidad de ejecución remota de código no autenticada en el componente consola de Oracle WebLogic Server (versiones 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0) explotable vía HTTP sin requerir autenticación (CVSS 9.8). La explotación exitosa resulta en compromiso total del sistema, incluyendo impactos en confidencialidad, integridad y disponibilidad.

Resumen generado y traducido por IA a partir de la descripción oficial.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Oracle Corporation · WebLogic Server
PoCs públicas encontradas39
githubgithub.com/zhzyker/exphub4283githubgithub.com/jas502n/CVE-2020-14882289githubgithub.com/GGyao/CVE-2020-14882_ALL145githubgithub.com/s1kr10s/CVE-2020-1488229githubgithub.com/NS-Sp4ce/CVE-2020-1488219githubgithub.com/XTeam-Wing/CVE-2020-1488217githubgithub.com/adm1in/CodeTest13githubgithub.com/GGyao/CVE-2020-14882_POC12githubgithub.com/milo2012/CVE-2020-148828githubgithub.com/ludy-dev/Weblogic_Unauthorized-bypass-RCE8githubgithub.com/QmF0c3UK/CVE-2020-148827githubgithub.com/wsfengfan/cve-2020-148827githubgithub.com/corelight/CVE-2020-14882-weblogicRCE7githubgithub.com/xfiftyone/CVE-2020-148825githubgithub.com/kk98kk0/CVE-2020-148823githubgithub.com/mmioimm/cve-2020-148823githubgithub.com/murataydemir/CVE-2020-148823githubgithub.com/exploitblizzard/CVE-2020-14882-WebLogic3githubgithub.com/Ormicron/CVE-2020-14882-GUI-Test2githubgithub.com/Danny-LLi/CVE-2020-148822githubgithub.com/N0Coriander/CVE-2020-14882-148832githubgithub.com/0thm4n3/cve-2020-148822githubgithub.com/b1g-b33f/CVE-2020-148821githubgithub.com/ovProphet/CVE-2020-14882-checker1githubgithub.com/zesnd/CVE-2020-14882-POC0githubgithub.com/KKC73/weblogic-cve-2020-148820githubgithub.com/alexfrancow/CVE-2020-148820githubgithub.com/BabyTeam1024/CVE-2020-148820githubgithub.com/pwn3z/CVE-2020-14882-WebLogic0githubgithub.com/qianniaoge/CVE-2020-14882_Exploit_Gui0githubgithub.com/nik0nz7/CVE-2020-148820githubgithub.com/Root-Shells/CVE-2020-148820githubgithub.com/LucasPDiniz/CVE-2020-148820githubgithub.com/xMr110/CVE-2020-148820githubgithub.com/AleksaZatezalo/CVE-2020-148820exploitdbwww.exploit-db.com/exploits/49479no verificadocve_referencepacketstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/161128/Oracle-WebLogic-Server-12.2.1.0-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.htmlno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/161128/Oracle-WebLogic-Server-12.2.1.0-Remote-Code-Execution.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14882https://www.oracle.com/security-alerts/cpuoct2020.html