Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published 2020-10-21 15:15:25
Updated 2022-07-12 17:42:04
Source Oracle
View at NVD,   CVE.org

CVE-2020-14882 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Oracle WebLogic Server Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750.
Added on 2021-11-03 Action due date 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2020-14882

97.47%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2020-14882

  • Oracle WebLogic Server Administration Console Handle RCE
    Disclosure Date: 2020-10-20
    First seen: 2020-11-18
    exploit/multi/http/weblogic_admin_handle_rce
    This module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are

CVSS scores for CVE-2020-14882

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
Oracle

References for CVE-2020-14882

Products affected by CVE-2020-14882

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!