CVE-2020-2884

CRITICAL

Oracle WebLogic Server <12.2.1.4 - RCE

Title source: llm

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (1)

gitlab

by java-exploit · poc

https://gitlab.com/penetration-test-learn/10vuln/java-exploit/CVE_2020_2546

View on gitlab

References (1)

[Vendor Advisory] https://www.oracle.com/security-alerts/cpuapr2020.html

Scores

CVSS v3 9.8

EPSS 0.0387

EPSS Percentile 88.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (4)

oracle/weblogic_server 10.3.6.0.0

oracle/weblogic_server 12.1.3.0.0

oracle/weblogic_server 12.2.1.3.0

oracle/weblogic_server 12.2.1.4.0

Published Apr 15, 2020

Tracked Since Feb 18, 2026