CVE-2024-20931

HIGH

Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Unauthorized Data Access via T3/IIOP

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2024-20931; the three analyzed below were published by GlassyAmadeus, dinosn and Leocodefocus.

AI-analyzed exploit summary

This repository contains a functional exploit PoC for CVE-2024-20931, demonstrating a JNDI injection vulnerability in Oracle WebLogic Server. The exploit leverages the ForeignOpaqueReference class to perform remote code execution via malicious JNDI lookups.

Note that Oracle's advisory and the CVSS vector below (C:H/I:N/A:N) describe the impact as unauthorized data access only, whereas the public PoCs chain the JNDI lookup through an attacker-controlled LDAP server to remote code execution, as the dinosn repository description below states. Treat the vendor severity as a floor, not a ceiling.

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
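The advisory above names T3 and IIOP as the attack vectors, so the first practical check is whether a listener even speaks T3 to unauthenticated clients and which product version it reports. The following is an added example, not code from this page or from any of the PoC repositories listed below: it sends the standard T3 client greeting, parses the HELO banner WebLogic returns, and compares the reported version with the two affected versions. The handshake bytes and the HELO line format are the standard T3 greeting; the host and port arguments and the sample responses are constructed for illustration, and a matching version only means the host is in scope for the advisory, not that it is unpatched, because the banner does not change when a CPU patch is applied.

```python
import re
import socket
import sys
from typing import Optional

# Versions listed as affected in the advisory above (Oracle CPU January 2024).
AFFECTED_VERSIONS = {"12.2.1.4.0", "14.1.1.0.0"}

# Standard T3 client greeting. A WebLogic listener that accepts T3 answers
# with "HELO:<version>.<boolean>\n..." before any authentication takes place.
T3_HANDSHAKE = b"t3 12.2.3\nAS:255\nHL:19\nMS:10000000\n\n"

# HELO:12.2.1.4.0.false -> group 1 is the dotted product version.
_HELO_RE = re.compile(rb"^HELO:(\d+(?:\.\d+)+)\.(?:true|false)")


def parse_helo(response: bytes) -> Optional[str]:
    """Return the version string from a T3 HELO banner, or None when the
    reply is not a T3 greeting (T3 filtered, wrong port, HTTP listener...)."""
    m = _HELO_RE.match(response)
    return m.group(1).decode("ascii") if m else None


def is_affected_version(version: Optional[str]) -> bool:
    """True if the banner version is one of the versions named by the advisory.
    This is a scoping check only: patched 12.2.1.4.0 still reports 12.2.1.4.0."""
    return version in AFFECTED_VERSIONS


def assess(response: bytes) -> dict:
    """Summarize a raw reply to the T3 greeting."""
    version = parse_helo(response)
    return {
        "t3_exposed": version is not None,
        "version": version,
        "in_affected_versions": is_affected_version(version),
    }


def probe_t3(host: str, port: int = 7001, timeout: float = 5.0) -> bytes:
    """Send the T3 greeting to host:port and return the raw reply (empty on timeout).
    host/port are caller-supplied; nothing here goes beyond the greeting."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(T3_HANDSHAKE)
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""


# Constructed sample replies (not captured from a real host).
SAMPLE_HELO_AFFECTED = b"HELO:12.2.1.4.0.false\nAS:2048\nHL:19\nMS:10000000\n\n"
SAMPLE_HELO_OTHER_VERSION = b"HELO:12.2.1.3.0.false\nAS:2048\nHL:19\nMS:10000000\n\n"
SAMPLE_HTTP_LISTENER = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target_host = sys.argv[1]
        target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 7001
        print(assess(probe_t3(target_host, target_port)))
    else:
        for reply in (SAMPLE_HELO_AFFECTED, SAMPLE_HELO_OTHER_VERSION, SAMPLE_HTTP_LISTENER):
            print(reply[:22], assess(reply))
```

A reply with no HELO line is the expected outcome when the listener is restricted with a WebLogic connection filter (weblogic.security.net.ConnectionFilterImpl) denying t3, t3s, iiop and iiops from untrusted ranges, which is the usual interim mitigation while the CPU patch is rolled out; a HELO line from an Internet-facing port means the unauthenticated T3 path the advisory describes is reachable.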

Exploits (4)

nomisec · WORKING POC · 76 stars
by GlassyAmadeus · poc
https://github.com/GlassyAmadeus/CVE-2024-20931

This repository contains a functional exploit PoC for CVE-2024-20931, demonstrating a JNDI injection vulnerability in Oracle WebLogic Server. The exploit leverages the ForeignOpaqueReference class to perform remote code execution via malicious JNDI lookups.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle WebLogic Server
Authentication: none needed
Prerequisites: Access to a vulnerable WebLogic Server instance · Network connectivity to the target
devstral-2 · analyzed Feb 18, 2026
nomisec · WORKING POC · 62 stars
by dinosn · poc
https://github.com/dinosn/CVE-2024-20931

This is a working PoC for CVE-2024-20931, a bypass of the patch for CVE-2023-21839 in Oracle WebLogic. It exploits a JNDI injection vulnerability to achieve remote code execution by leveraging a malicious LDAP server.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle WebLogic Server (versions patched for CVE-2023-21839 but not for CVE-2024-20931)
Authentication: none needed
Prerequisites: Access to a vulnerable Oracle WebLogic instance · A malicious JNDI/LDAP server (e.g., JNDIExploit) · Java 8 environment
devstral-2 · analyzed Feb 16, 2026
nomisec · STUB · 1 star
by Leocodefocus · poc
https://github.com/Leocodefocus/CVE-2024-20931-Poc

The repository contains only a minimal README with no exploit code or technical details. It is a placeholder with no functional content.

Classification: Stub (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
Authentication: none needed
devstral-2 · analyzed Feb 18, 2026


Scores

CVSS v3.1 Base Score: 7.5 (HIGH)
EPSS: 0.5968 (estimated 59.68% probability of exploitation activity in the next 30 days)
EPSS Percentile: 99.0%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

The Vulnrichment exploitation value of "none" is at odds with the working public PoCs tracked in the Exploits section above; read it as an unrefreshed SSVC assessment rather than as evidence that no exploit exists.

Details

CWE: CWE-284 (Improper Access Control)
Status: published
Products (2):
oracle/weblogic_server 12.2.1.4.0
oracle/weblogic_server 14.1.1.0.0
Published: Feb 17, 2024
Tracked Since: Feb 18, 2026