Published: 15/01/2020 Updated: 30/06/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 674

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle weblogic server 12.1.3.0.0
oracle weblogic server 10.3.6.0.0

Yo, sysadmins! Thought Patch Tuesday was big? Oracle says 'hold my Java' with huge 334 security flaw fix bundle

The Register • Shaun Nichols in San Francisco • 15 Jan 2020

House of Larry delivers massive update for 93 products Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should

Oracle has released a sweeping set of security patches across the breadth of its software line. The January update, delivered one day after Microsoft, Intel, Adobe, and others dropped their scheduled monthly patches, addresses a total of 334 security vulnerabilities across 93 different products from the enterprise giant. As you may imagine, most IT admins will only need to test and apply a handful of the updates for their specific platforms. For Oracle's flagship Database Server, the update incl...

CVE-2020-2546

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect