CVE-2020-14750

CRITICAL KEV NUCLEI

Oracle WebLogic Server 10.3.6.0.0 through 14.1.1.0.0 (Console) - Unauthenticated RCE


Exploitation Summary

CVE-2020-14750 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (added November 3, 2021). EIP tracks 3 public exploit repositories, including PoCs from pprietosanchez and kkhacklabs and a multi-CVE scanner. A Nuclei detection template is also available.


Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
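The advisory text above lists five affected releases but no mechanical way to triage a fleet against them. The helper below is an added example written for this page, not code from Oracle or from any repository listed below. It pulls a version string out of the two banners a WebLogic host most commonly exposes (the console login page footer and the T3 handshake reply; both formats are assumptions made here, and a hardened deployment may hide either), normalizes it to Oracle's five-field form, and checks it against the advisory's list. The sample banners are constructed, not captured. One caveat is built into the result names: WebLogic PSU and out-of-band patches do not change the version banner, so "affected-release" means the release is in scope, not that the host is unpatched; confirm patch status on the host with the OPatch inventory.

```python
"""Version triage for CVE-2020-14750 (added example; not code from the repositories on this page).

Given a banner captured from a WebLogic host, extract the version string and say
whether it is one of the releases Oracle lists as affected. Assumptions, labelled:
the two banner formats below (console login footer, T3 HELO reply) are the only
ones this helper knows; a hardened deployment may suppress both.
"""
import re
from typing import Optional

# Affected releases exactly as listed in the advisory text on this page.
AFFECTED_RELEASES = frozenset({
    "10.3.6.0.0", "12.1.3.0.0", "12.2.1.3.0", "12.2.1.4.0", "14.1.1.0.0",
})

# Assumed banner formats (heuristics written for this example):
#  1. console login page footer, e.g. "WebLogic Server Version: 12.2.1.3.0"
#  2. T3 protocol HELO line,      e.g. "HELO:12.2.1.3.0.false"
_VERSION = r"(\d+(?:\.\d+){1,4})"
_CONSOLE_RE = re.compile(r"WebLogic Server Version:\s*" + _VERSION)
_T3_RE = re.compile(r"^HELO:" + _VERSION + r"\.(?:true|false)", re.MULTILINE)


def extract_version(banner: str) -> Optional[str]:
    """Return the first version string found in either banner format, or None."""
    for pattern in (_CONSOLE_RE, _T3_RE):
        match = pattern.search(banner)
        if match:
            return match.group(1)
    return None


def normalize(version: str) -> str:
    """Pad a dotted version to Oracle's five-field form ('12.2.1.3' -> '12.2.1.3.0')."""
    parts = version.split(".")
    if not 2 <= len(parts) <= 5 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {version!r}")
    return ".".join(parts + ["0"] * (5 - len(parts)))


def classify(banner: str) -> str:
    """'affected-release', 'not-listed', or 'unknown' (no version recovered).

    'affected-release' only means the banner names a listed release. WebLogic PSU
    and out-of-band patches do not change this string, so patch status must still
    be confirmed on the host (OPatch inventory), not inferred from the banner.
    """
    version = extract_version(banner)
    if version is None:
        return "unknown"
    return "affected-release" if normalize(version) in AFFECTED_RELEASES else "not-listed"


# Constructed sample banners (not captured from a real host).
SAMPLE_CONSOLE_HTML = '<p id="footerVersion">WebLogic Server Version: 12.2.1.3.0</p>'
SAMPLE_T3_REPLY = "HELO:14.1.1.0.0.false\nAS:2048\nHL:19\n\n"
SAMPLE_NO_BANNER = "<html><body>Welcome</body></html>"

if __name__ == "__main__":
    samples = [("console", SAMPLE_CONSOLE_HTML), ("t3", SAMPLE_T3_REPLY), ("none", SAMPLE_NO_BANNER)]
    for label, banner in samples:
        print(f"{label:8s} {str(extract_version(banner)):12s} {classify(banner)}")
```

Feed it whatever banner your inventory tooling already collects; the point is that the release check is the cheap first filter, and the Shodan/FOFA queries in the Nuclei section below are how the exposed consoles get found in the first place.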

Exploits (3)

Source: nomisec · Working PoC · 48 stars
by pprietosanchez · remote
https://github.com/pprietosanchez/CVE-2020-14750

This repository contains a functional exploit PoC for CVE-2020-14750, targeting Oracle WebLogic Server. The exploit leverages a deserialization vulnerability combined with a path traversal flaw to achieve remote code execution (RCE) via a crafted HTTP POST request.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle WebLogic Server (versions affected by CVE-2020-14750)
Authentication: none required
Prerequisites: Network access to the target WebLogic Server · Target must be vulnerable to CVE-2020-14750
Analyzed by devstral-2 on Feb 16, 2026
Source: nomisec · Working PoC
by kkhacklabs · remote
https://github.com/kkhacklabs/CVE-2020-14750

This script exploits CVE-2020-14750 and CVE-2020-14882 in Oracle WebLogic Server by sending a crafted POST request to execute arbitrary commands via deserialization and reflection. It checks for vulnerability by attempting to execute 'echo hello' and verifying the response.

Classification: Working PoC (90%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle WebLogic Server
Authentication: none required
Prerequisites: Network access to the target WebLogic Server · Target server must be vulnerable to CVE-2020-14750 or CVE-2020-14882
Analyzed by devstral-2 on Feb 16, 2026
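Both PoC summaries above describe the same shape of request: a path-traversal step into the Console component followed by a crafted POST. For the defender, the traversal is the part that leaves a trace in the HTTP access log. The script below is an added example written for this page, not code from either repository, and it deliberately encodes no PoC URL: it flags any request whose path, after repeated percent-decoding, lands under /console/ and contains a literal ".." segment, and it records how many decode rounds were needed, because double encoding is the usual way to slip traversal past a filter that decodes once. WebLogic's per-server access.log is in common log format by default, which is what the regex parses. The sample lines are constructed and the traversal targets in them are invented.

```python
"""Access-log triage for encoded path traversal under /console/ (added example;
not code from the repositories on this page). WebLogic's per-server access.log
uses common log format by default, which is what LOG_RE parses. The traversal
heuristic is generic: it encodes no specific PoC URL, only the pattern of a
percent-encoded '..' inside the Console path that the summaries above describe."""
import re
from typing import Optional
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3}) \S+'
)

MAX_DECODE_ROUNDS = 3  # enough to unwind double encoding without looping forever


def decode_rounds(s: str, limit: int = MAX_DECODE_ROUNDS) -> tuple[str, int]:
    """Percent-decode until the string stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < limit:
        decoded = unquote(s)
        if decoded == s:
            break
        s, rounds = decoded, rounds + 1
    return s, rounds


def check_line(line: str) -> Optional[dict]:
    """Return a finding if the request is a traversal under /console/, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not common log format; caller decides how to handle
    raw_path = m.group("target").split("?", 1)[0]
    decoded, rounds = decode_rounds(raw_path)
    # Normalize backslashes so an encoded '%5c' cannot dodge the segment split.
    segments = decoded.replace("\\", "/").split("/")
    if not decoded.lower().startswith("/console/") or ".." not in segments:
        return None
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "raw_path": raw_path,
        "decoded_path": decoded,
        "decode_rounds": rounds,
        "double_encoded": rounds >= 2,
        "status": int(m.group("status")),
    }


def scan(lines: list[str]) -> list[dict]:
    """Run check_line over a log and keep only the findings."""
    return [f for f in (check_line(line) for line in lines) if f]


# Constructed sample lines (not a real capture); the traversal targets are invented.
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Mar/2026:12:00:00 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 4201',
    '203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "GET /console/css/%2e%2e/example.portal HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "POST /console/css/%252e%252e%252fexample.portal HTTP/1.1" 200 1532',
    '198.51.100.4 - - [10/Mar/2026:12:00:03 +0000] "GET /console/images/..logo.png HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding['ip']} {finding['method']} {finding['decoded_path']} "
              f"rounds={finding['decode_rounds']} double={finding['double_encoded']} "
              f"status={finding['status']}")
```

A 200 on a traversed Console path from a source that never authenticated is the line to escalate; a 302 or 404 on the same pattern is still worth recording as reconnaissance. The "..logo.png" line is there to show the check matches whole ".." segments only, not any pair of dots.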
Source: vulncheck_xdb · Scanner
remote
https://github.com/0xn0ne/weblogicScanner

This repository contains a WebLogic vulnerability scanner that checks for multiple CVEs, including CVE-2020-14750. It sends HTTP requests to detect vulnerabilities but does not include exploit code for CVE-2020-14750.

Classification: Scanner (95%)
Attack type: Other
Complexity: Moderate
Reliability: Reliable
Target: Oracle WebLogic Server
Authentication: none required
Prerequisites: Network access to the WebLogic server
Analyzed by devstral-2 on Feb 25, 2026

Nuclei Templates (1)

Oracle WebLogic Server - Remote Command Execution
CRITICAL · VERIFIED · by princechaddha, DhiyaneshDk
Shodan: http.html:"Weblogic Application Server" || http.title:"weblogic" || http.html:"weblogic application server"
FOFA: title="weblogic" || body="weblogic application server"

Scores

CVSS v3 9.8
EPSS 0.9444
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-08-04
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-6886
Status published
Products (5)
oracle/weblogic_server 10.3.6.0.0
oracle/weblogic_server 12.1.3.0.0
oracle/weblogic_server 12.2.1.3.0
oracle/weblogic_server 12.2.1.4.0
oracle/weblogic_server 14.1.1.0.0
Published Nov 02, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026