Summary #

Netsparker identified the Oracle WebLogic Remote Code Execution (CVE-2020-14882) in the target web server.

Impact #

The vulnerability allows attackers to execute arbitrary Java code on the target system. The attacker may also be able to execute arbitrary system commands.

Exploit of the vulnerability is known widely and should be addressed as soon as possible.

Remediation #

In order to patch this vulnerability, please install the official patch Oracle made available for supported, vulnerable instances.

Classifications #
PCI v3.2-, CAPEC-242, CWE-94, HIPAA-94, ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

OR

Search Vulnerability

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO