Lucene search

CVE-2020-14882

🗓️ 21 Oct 2020 15:25:15Reported by oracleType

cve🔗 web.nvd.nist.gov📰️ 36 Media mentions👁 1509 Views🌐 WEB

Vulnerability in Oracle WebLogic Server Consol

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 78
Cvelist	CVE-2020-14882	21 Oct 202014:04	–	cvelist
Tenable Nessus	Oracle WebLogic Server RCE (CVE-2020-14882)	6 Nov 202000:00	–	nessus
Tenable Nessus	Oracle WebLogic Server Multiple Vulnerabilities (Oct 2020 CPU)	22 Oct 202000:00	–	nessus
GithubExploit	Exploit for CVE-2020-14882	1 Nov 202013:12	–	githubexploit
GithubExploit	Exploit for CVE-2020-14882	25 Feb 202112:57	–	githubexploit
GithubExploit	Exploit for CVE-2020-14882	10 May 202121:32	–	githubexploit
GithubExploit	Exploit for CVE-2020-14882	29 Oct 202015:44	–	githubexploit
GithubExploit	Exploit for Vulnerability in Oracle Weblogic Server	9 Nov 202013:02	–	githubexploit
GithubExploit	Exploit for CVE-2020-14882	5 Nov 202013:12	–	githubexploit
GithubExploit	Exploit for CVE-2020-14882	3 Nov 202011:34	–	githubexploit

Nvd

Vulners

Node

oracle weblogic_serverMatch10.3.6.0.0

oracle weblogic_serverMatch12.1.3.0.0

oracle weblogic_serverMatch12.2.1.3.0

oracle weblogic_serverMatch12.2.1.4.0

oracle weblogic_serverMatch14.1.1.0.0

[
  {
    "product": "WebLogic Server",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "10.3.6.0.0"
      },
      {
        "status": "affected",
        "version": "12.1.3.0.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.4.0"
      },
      {
        "status": "affected",
        "version": "14.1.1.0.0"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/161128/Oracle-WebLogic-Server-12.2.1.0-Remote-Code-Execution.html
packetstormsecurity	www.packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
packetstormsecurity	www.packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html
oracle	www.oracle.com/security-alerts/cpuoct2020.html

Parameter	Position	Path	Description	CWE
_nfpb	query param	/console/images/%252E%252E%252Fconsole.portal	Unauthenticated remote code execution vulnerability in Oracle WebLogic Server allowing an attacker to execute arbitrary commands.	CWE-94, CWE-20
_pageLabel	query param	/console/images/%252E%252E%252Fconsole.portal	Unauthenticated remote code execution vulnerability in Oracle WebLogic Server allowing an attacker to execute arbitrary commands.	CWE-94, CWE-20
handle	query param	/console/images/%252E%252E%252Fconsole.portal	Unauthenticated remote code execution vulnerability in Oracle WebLogic Server allowing an attacker to execute arbitrary commands.	CWE-94, CWE-20

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Oct 2020 15:15Current

9.7High risk

Vulners AI Score9.7

CVSS210

CVSS39.8

EPSS0.94454

In Wild