CVE-2020-2546

CRITICAL

Oracle WebLogic Server <12.1.3.0.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-2546. PoCs published by hktalent.

AI-analyzed exploit summary This repository provides a writeup and code snippets for exploiting multiple WebLogic vulnerabilities, including CVE-2020-2546, via deserialization and RMI-based attacks. It includes payload examples and references to related CVEs but lacks a complete, executable PoC.

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (1)

nomisec WRITEUP 133 stars

by hktalent · poc

https://github.com/hktalent/CVE_2020_2546

View Code ZIP pw:eip

This repository provides a writeup and code snippets for exploiting multiple WebLogic vulnerabilities, including CVE-2020-2546, via deserialization and RMI-based attacks. It includes payload examples and references to related CVEs but lacks a complete, executable PoC.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Oracle WebLogic Server

No auth needed

Prerequisites: Network access to vulnerable WebLogic server · Knowledge of target environment

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujan2020.html

Scores

CVSS v3 9.8

EPSS 0.0513

EPSS Percentile 91.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

Status published

Products (2)

oracle/weblogic_server 10.3.6.0.0

oracle/weblogic_server 12.1.3.0.0

Published Jan 15, 2020

Tracked Since Feb 18, 2026