CVE-2020-14645

CRITICAL

Oracle WebLogic Server <14.1.1.0.0 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2020-14645. PoCs published by Y4er, Schira4396, DaBoQuan.

AI-analyzed exploit summary This PoC exploits CVE-2020-14645, a deserialization vulnerability in WebLogic, by crafting a malicious serialized object that triggers JNDI injection via an LDAP reference. The payload is sent over T3 protocol to achieve remote code execution.

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (6)

nomisec WORKING POC 80 stars
by Y4er · poc
https://github.com/Y4er/CVE-2020-14645

This PoC exploits CVE-2020-14645, a deserialization vulnerability in WebLogic, by crafting a malicious serialized object that triggers JNDI injection via an LDAP reference. The payload is sent over T3 protocol to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: Oracle WebLogic Server 12.2.1.4.0
No auth needed
Prerequisites: JDK Version < JDK6u211/7u201/8u191 · Access to WebLogic T3 port (7001) · LDAP server hosting malicious payload
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 7 stars
by Schira4396 · poc
https://github.com/Schira4396/CVE-2020-14645

This repository contains a Python-based exploit for CVE-2020-14645, a vulnerability in Oracle WebLogic Server. The exploit leverages JNDI injection to achieve remote code execution (RCE) by spawning a reverse shell via a crafted payload.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Oracle WebLogic Server
No auth needed
Prerequisites: Network access to the target WebLogic Server · Java runtime environment for executing the exploit JAR · JNDI-Injection-Exploit tool
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 3 stars
by DaBoQuan · poc
https://github.com/DaBoQuan/CVE-2020-14645

This repository contains a proof-of-concept exploit for CVE-2020-14645, a deserialization vulnerability in Oracle WebLogic Server. The exploit leverages JNDI injection via LDAP to achieve remote code execution by sending a malicious T3 protocol payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Oracle WebLogic Server
No auth needed
Prerequisites: Access to a vulnerable WebLogic Server instance · LDAP server to host malicious payload
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by NeCr00 · poc
https://github.com/NeCr00/CVE-2020-14645

This repository contains a functional exploit for CVE-2022-21445, a Java deserialization vulnerability in Oracle ADF Faces leading to unauthenticated Remote Code Execution. The exploit generates payloads for different attack scenarios (webshell, sleep, DNS callback) and includes detailed setup instructions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Oracle WebLogic Server 12.2.1.3 and 12.2.1.4 (ADF Faces)
No auth needed
Prerequisites: JDK 1.8 · Oracle JARs (coherence.jar, adf-richclient-api-11.jar, etc.)
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC
by HYWZ36 · poc
https://github.com/HYWZ36/CVE-2020-14645-code

This repository contains a proof-of-concept exploit for CVE-2020-14645, a deserialization vulnerability in Oracle WebLogic Server. The exploit leverages JNDI injection via LDAP to achieve remote code execution by sending a malicious serialized payload over the T3/T3S protocol.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Oracle WebLogic Server 12.2.1.4.0
No auth needed
Prerequisites: Access to WebLogic T3/T3S port · LDAP server to host malicious payload · Java environment for compilation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.4621
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

Status published
Products (5)
oracle/weblogic_server 10.3.6.0.0
oracle/weblogic_server 12.1.3.0.0
oracle/weblogic_server 12.2.1.3.0
oracle/weblogic_server 12.2.1.4.0
oracle/weblogic_server 14.1.1.0.0
Published Jul 15, 2020
Tracked Since Feb 18, 2026