CVE-2020-14750

Published: 02/11/2020 Updated: 01/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Products

oracle fusion middleware 12.1.3.0

oracle fusion middleware 10.3.6.0

oracle fusion middleware 12.2.1.3.0

oracle fusion middleware 12.2.1.4.0

oracle fusion middleware 14.1.1.0.0

GitHub Repositories

Scanners for Oracle WebLogic RCE vulnerabilities

Scanners for CVE-2020-14882, CVE-2020-14883 and CVE-2020-14750 in Oracle WebLogic. Scanners in several languages that detect these CVEs in Oracle WebLogic administration consoles via path traversal. Nuclei: the nuclei template is run with the following syntax: nuclei -u IP:PUERTO/ -t WebLogic-RCE-Scanner.yaml

Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 / CVE-2020-14750

Detection of RCE in Oracle's "WebLogic Server" CVE-2020-14882 / CVE-2020-14750. Summary: detection of attempts to exploit CVE-2020-14882 and CVE-2020-14750, an unauthenticated RCE in Oracle's WebLogic Server. References: Oracle's advisories: CVE-2020-14882 www.oracle.com/security-alerts/cpuoct2020traditional.html, CVE-2020-14750 www.oracle

PoC for the CVE-2020-14750 and CVE-2020-14882 vulnerabilities

CVE-2020-14750 PoC for the CVE-2020-14750 and CVE-2020-14882 vulnerabilities. To test whether a system is vulnerable, use: /test-CVE-2020-14750 nombredelhost:7001 For now, this version only confirms that a host is vulnerable; a negative result is no guarantee that the host is not vulnerable. This will be implemented in later versions. Actualiz

PoC from gitdatabase

CVE-2020-14750 PoC for the CVE-2020-14750 and CVE-2020-14882 vulnerabilities. To test whether a system is vulnerable, use: /test-CVE-2020-14750 nombredelhost:7001 For now, this version only confirms that a host is vulnerable; a negative result is no guarantee that the host is not vulnerable. This will be implemented in later versions. Para su

CVE-2020–14882、CVE-2020–14883

CVE-2020–14882 Weblogic unauthorized bypass RCE: bypass of the CVE-2020–14882 patch. The patch's blocklist:

    private static final String[] IllegalUrl = new String[]{";", "%252E%252E", "%2E%2E", "..", "%3C", "%3E", "<", ">"};

Blocked sequences: %252E%252E, %2E%2E, .., %3E, %3C, ;, <, >

CVE-2021-2109 WebLogic Server remote code execution vulnerability: reproduction and analysis. In January 2021 Oracle released its security update, containing 329 new security patches across the Oracle product line. The announcement specifically referenced the Oracle WebLogic Server security alert for CVE-2020-14750 published on 1 November 2020. Customers are strongly advised to apply this patch update together with the other patches in the announcement. CVE number CV

Recent Articles

Oracle patches severe flaw in WebLogic Server that could be exploited 'without the need for a username and password'
The Register • Lindsay Clark • 03 Nov 2020

D'oh! If only they'd seen the bug before issuing those 402 other fixes

If you haven't patched WebLogic server console flaws in the last eight days, 'assume it has been compromised'

Oracle has released an emergency patch after a security vulnerability was revealed in its WebLogic middleware last week. The security alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. "This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e. may be exploited over a network without the need for a username and password," Oracle said in a secu...