⚠ Actively exploited
Added to CISA KEV on 2024-09-18. Federal agencies required to patch by 2024-10-09. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..
CVE-2020-14644 — Corporation Weblogic Server vulnerability
10 documents10 sources
Severity
9.8CRITICALNVD
EPSS
93.6%
top 0.16%
CISA KEV
KEV
Added 2024-09-18
Due 2024-10-09
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJul 15
KEV addedSep 18
KEV dueOct 9
Latest updateJan 27
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (C…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages2 packages
🔴Vulnerability Details
3💥Exploits & PoCs
1Nuclei▶
Oracle WebLogic Server - Remote Code Execution (Insecure Deserialization)
🔍Detection Rules
1Suricata▶
ET WEB_SERVER Oracle WebLogic Server Remote Code Execution via Insecure Deserialization (CVE-2020-14644)↗2026-01-27