CVE-2020-14644

Severity: CRITICAL · CISA KEV · Nuclei template available

Oracle WebLogic Server <14.1.1.0.0 - RCE

Exploitation Summary

CVE-2020-14644 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 18, 2024. EIP tracks 1 public exploit from researchers including 0xkami. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2020-14644, a deserialization vulnerability in Oracle WebLogic Server. The exploit leverages Javassist to manipulate class definitions and execute arbitrary commands via RMI.

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. This easily exploitable vulnerability allows an unauthenticated attacker with network access via IIOP or T3 to compromise Oracle WebLogic Server. Successful attacks can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Exploits (1)

nomisec · Working PoC · 2 stars · by 0xkami · poc
https://github.com/0xkami/cve-2020-14644

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle WebLogic Server
Authentication: none needed
Prerequisites: Network access to the target WebLogic Server · WebLogic Server with vulnerable version
Analyzed by devstral-2, Feb 16, 2026

Nuclei Templates (1)

Oracle WebLogic Server - Remote Code Execution (Insecure Deserialization)
CRITICAL · by hnd3884
Shodan: cpe:"cpe:2.3:a:oracle:weblogic_server" || product:"WebLogic" || http.server:"WebLogic" || port:7001
FOFA: product="WebLogic" || header="WebLogic Server"

Scores

CVSS v3 9.8
EPSS 0.9455
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: total

Details

CISA KEV 2024-09-18
VulnCheck KEV 2024-09-18
InTheWild.io 2024-09-18
ENISA EUVD EUVD-2020-6780
Status published
Products (3)
oracle/weblogic_server 12.2.1.3.0
oracle/weblogic_server 12.2.1.4.0
oracle/weblogic_server 14.1.1.0.0
Published Jul 15, 2020
KEV Added Sep 18, 2024
Tracked Since Feb 18, 2026