logo

CVE-2020-14644 - Oracle WebLogic Server Remote Code Execution Vulnerability

CVE-2020-14644

Oracle | WebLogic Server

  • Date Added:
  • 2024-09-18
  • Due Date:
  • 2024-10-09
Vulnerability Name

Oracle WebLogic Server Remote Code Execution Vulnerability

Description

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes
https://www.oracle.com/security-alerts/cpujul2020.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-14644
Related News Articles

Free security scan for your website