Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv3

CVE-2020-14883

Published: 21/10/2020 Updated: 12/07/2022
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 803
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Oracle

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle weblogic server 12.1.3.0.0

oracle weblogic server 10.3.6.0.0

oracle weblogic server 12.2.1.3.0

oracle weblogic server 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

Github Repositories

https://github.com/fan1029/CVE-2020-14883EXP

用于对WebLogic(10.3.6.0.0 ;12.1.3.0.0 ;12.2.1.3.0; 12.2.1.4.0 ;14.1.1.0.0)进行验证及利用

CVE-2020-14883EXP 用于对WebLogic(103600 ;121300 ;122130; 122140 ;141100)进行验证及利用,请勿用于非法用途。 键入IP+端口即可开始验证(eg 127001:7001) 支持远程xml命令执行 103600外的其他版本提供两种利用方式 验证成功即可进入命令模式 批量验证成功会自动保存

https://github.com/c04tl/WebLogic-Handle-RCE-Scanner

Escaners para vulnerabilidades RCE de Oracle WebLogic

Escanners para CVE-2020-14882, CVE-2020-14883, CVE-2020-14750 de Oracle WebLogic Escanners en diferentes lenguajes para detectar estos CVE's en las consolas de administración de Oracle WebLogic a través de path traversal Nuclei Para la plantilla de nuclei se debe utilizar la siguiente sintaxis: nuclei -u IP:PUERTO/ -t WebLogic-RCE-Scanneryaml

https://github.com/murataydemir/CVE-2020-14883

[CVE-2020-14882] Oracle WebLogic Server Authenticated Remote Code Execution (RCE)

[CVE-2020-14883] Oracle WebLogic Server Authenticated Remote Code Execution (RCE) Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console) Supported versions that are affected are 103600, 121300, 122130, 122140 and 141100 Easily exploitable vulnerability allows unauthenticated attacker with network access via HT

https://github.com/B1anda0/CVE-2020-14883

Weblogic 身份认证绕过漏洞批量检测脚本

CVE-2020-14883 Weblogic 身份认证绕过漏洞批量检测脚本 使用方法: Python CVE-2020-14883-Multiplepy iptxt port 存在漏洞的地址会输出在Vultxt中

https://github.com/Hughwiki/pocsuite3-pocs

pocsuite3-pocs 1、 安装 Pocsuite3 基于 Python3 开发,可以运行在支持 Python 37+ 的任何平台上,例如 Linux、Windows、MacOS、BSD 等。 2021 年 11 月,Pocsuite3 通过了 Debian 官方的代码及合规检查,正式加入 Debian、Ubuntu、Kali 等 Linux 发行版的软件仓库,可以通过 apt 命令一键获取。此外,Pocsuite3 也已经

https://github.com/N0Coriander/CVE-2020-14882-14883

结合14882的未授权访问漏洞,通过14883可远程执行任意代码

CVE-2020-14882&14883 Weblogic是Oracle公司推出的J2EE应用服务器,CVE-2020-14882 是一个 Console 的未授权访问漏洞,漏洞等级被评为严重,漏洞评分:98。而 CVE-2020-14883 是在利用未授权访问的前提下,在 Console 进行代码执行,于是远程攻击者可以构造特殊的 HTTP 请求,在未经身份验证的情况下

https://github.com/Osyanina/westone-CVE-2020-14883-scanner

A vulnerability scanner that detects CVE-2020-14883 vulnerabilities.

westone-CVE-2020-14883-scanner A remote attacker can construct a special HTTP request to take over the WebLogic Server Console without authentication Installation & Usage git clone githubcom/Osyanina/westone-CVE-2020-14883-scannergit cd westone-CVE-2020-14883-scanner cmd CVE-2020-14883exe Impact version Oracle WebLogic Server version 10360 Oracle WebLogic

https://github.com/cri1wa/MemShell

支持常见中间件无文件落地冰蝎内存马注入&&文件上传agent冰蝎马注入

MemShell 免责声明 本工具旨在帮助企业快速定位漏洞修复漏洞,仅限授权安全测试使用! 严格遵守《中华人民共和国网络安全法》,禁止未授权非法攻击站点! 使用场景 冰蝎默认密码Crilwa,添加请求头D0g3:xxx 代码执行,例如可以调用URLClassLoader远程加载类,便可以无文件落地注入内存马。 目

References

NVD-CWE-Otherhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttp://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.htmlhttps://nvd.nist.govhttps://github.com/fan1029/CVE-2020-14883EXP
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook