CVE-2020-14644
Oracle WebLogic Server Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
94.5%
p100
KEV
YES
Sep 18, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Oracle / WebLogic Server
Vulnerability
Oracle WebLogic Server Remote Code Execution Vulnerability
Added to KEV
Sep 18, 2024
Remediate by
Oct 9, 2024
Known ransomware use
No
Summary description
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.oracle.com/security-alerts/cpujul2020.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-14644