CVE-2020-14750

CRITICAL KEV NUCLEI

Oracle WebLogic Server <14.1.1.0.0 - RCE

Title source: llm

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (3)

nomisec WORKING POC 48 stars
by pprietosanchez · remote
https://github.com/pprietosanchez/CVE-2020-14750
nomisec WORKING POC
by kkhacklabs · remote
https://github.com/kkhacklabs/CVE-2020-14750
vulncheck_xdb SCANNER
remote
https://github.com/0xn0ne/weblogicScanner

Nuclei Templates (1)

Oracle WebLogic Server - Remote Command Execution
CRITICAL VERIFIED by princechaddha, DhiyaneshDk
Shodan: http.html:"Weblogic Application Server" || http.title:"weblogic" || http.html:"weblogic application server"
FOFA: title="weblogic" || body="weblogic application server"

Scores

CVSS v3 9.8
EPSS 0.9444
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-08-04
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-6886
Status published

Products (5)

oracle/weblogic_server 10.3.6.0.0
oracle/weblogic_server 12.1.3.0.0
oracle/weblogic_server 12.2.1.3.0
oracle/weblogic_server 12.2.1.4.0
oracle/weblogic_server 14.1.1.0.0

Published Nov 02, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026