Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Severity: Critical

Summary#

Invicti identified the Oracle WebLogic Remote Code Execution (CVE-2020-14882) in the target web server.

Impact#

The vulnerability allows attackers to execute arbitrary Java code on the target system. The attacker may also be able to execute arbitrary system commands.

Exploit of the vulnerability is known widely and should be addressed as soon as possible.

Remediation#

In order to patch this vulnerability, please install the official patch Oracle made available for supported, vulnerable instances.

Classifications#

ISO27001-A.14.2.5, HIPAA-164.306(a), 164.308(a), PCI v3.2-6.5.1, OWASP 2013-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, OWASP 2017-A1, CAPEC-242, CWE-94

Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Related Articles

Build your resistance to threats. And save hundreds of hours each month.