Vulnerability Details : CVE-2020-2883
Public exploit exists!
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Products affected by CVE-2020-2883
- cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
CVE-2020-2883 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Oracle WebLogic Server Unspecified Vulnerability
CISA required action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description:
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.
Notes:
https://www.oracle.com/security-alerts/cpuapr2020.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-2883
Added on
2025-01-07
Action due date
2025-01-28
Exploit prediction scoring system (EPSS) score for CVE-2020-2883
93.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2020-2883
-
WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp
Disclosure Date: 2020-04-30First seen: 2020-06-04exploit/multi/misc/weblogic_deserialize_badattr_extcompThere exists a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized `BadAttributeValueExpException` object over the T3 protocol to vulnerable versi
CVSS scores for CVE-2020-2883
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Oracle | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2020-2883
-
http://packetstormsecurity.com/files/157950/WebLogic-Server-Deserialization-Remote-Code-Execution.html
WebLogic Server Deserialization Remote Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
https://www.oracle.com/security-alerts/cpuapr2020.html
Oracle Critical Patch Update Advisory - April 2020Vendor Advisory
-
https://www.zerodayinitiative.com/advisories/ZDI-20-504/
ZDI-20-504 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://www.zerodayinitiative.com/advisories/ZDI-20-570/
ZDI-20-570 | Zero Day InitiativeThird Party Advisory;VDB Entry
Jump to