CVE-2024-20931

HIGH

Oracle Weblogic Server - Improper Access Control

Title source: rule

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Exploits (4)

nomisec WORKING POC 76 stars

by GlassyAmadeus · poc

https://github.com/GlassyAmadeus/CVE-2024-20931

View Code ZIP pw:eip

nomisec WORKING POC 62 stars

by dinosn · poc

https://github.com/dinosn/CVE-2024-20931

View Code ZIP pw:eip

nomisec STUB 1 stars

by Leocodefocus · poc

https://github.com/Leocodefocus/CVE-2024-20931-Poc

View Code ZIP pw:eip

nomisec NO CODE 1 stars

by ATonysan · poc

https://github.com/ATonysan/CVE-2024-20931_weblogic

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.oracle.com/security-alerts/cpujan2024.html

Scores

CVSS v3 7.5

EPSS 0.8962

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-284

Status published

Products (2)

oracle/weblogic_server 12.2.1.4.0

oracle/weblogic_server 14.1.1.0.0

Published Feb 17, 2024

Tracked Since Feb 18, 2026