CVE-2020-2801

🗓️ 15 Apr 2020 13:29:46Reported by oracleType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 288 Views

Vulnerability in Oracle WebLogic Server allows takeove

Reporter	Title	Published	Views	Family All 15
CBLMariner	CVE-2020-2801 affecting package openjdk8 1.8.0.332-1	12 Jan 202509:15	–	cbl_mariner
Circl	CVE-2020-2801	13 Mar 202322:21	–	circl
CNVD	Oracle Fusion Middleware WebLogic Server Remote Code Execution Vulnerability	16 Apr 202000:00	–	cnvd
Check Point Advisories	Oracle Fusion Middleware WebLogic Server Insecure Deserialization (CVE-2020-2883; CVE-2020-2546; CVE-2020-2798; CVE-2020-2801; CVE-2020-2884)	4 May 202000:00	–	checkpoint_advisories
Cvelist	CVE-2020-2801	15 Apr 202013:29	–	cvelist
EUVD	EUVD-2020-22594	7 Oct 202500:30	–	euvd
Microsoft CVE	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. Note: The patch for this issue will address the vulnerability only if the WLS instance is using JDK 1.7.0_191 or later, or JDK 1.8.0_181 or later. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).	2 Oct 202506:11	–	mscve
NVD	CVE-2020-2801	15 Apr 202014:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - April 2020	14 Apr 202000:00	–	oracle
Tenable Nessus	Oracle WebLogic Server Multiple Vulnerabilities (Apr 2020 CPU)	16 Apr 202000:00	–	nessus

NVD

Vulners

Node

oracle weblogic_serverMatch10.3.6.0.0

oracle weblogic_serverMatch12.1.3.0.0

oracle weblogic_serverMatch12.2.1.3.0

oracle weblogic_serverMatch12.2.1.4.0

AND

oracle jdkMatch1.7.0update191

oracle jdkMatch1.7.0update191_b31

oracle jdkMatch1.7.0update191_b32

oracle jdkMatch1.7.0update2

oracle jdkMatch1.7.0update201

oracle jdkMatch1.7.0update201_b31

oracle jdkMatch1.7.0update21

oracle jdkMatch1.7.0update21_b31

oracle jdkMatch1.7.0update211

oracle jdkMatch1.7.0update211_b31

oracle jdkMatch1.7.0update211_b32

oracle jdkMatch1.7.0update221

oracle jdkMatch1.7.0update221_b31

oracle jdkMatch1.7.0update221_b32

oracle jdkMatch1.7.0update221_b34

oracle jdkMatch1.7.0update221_b35

oracle jdkMatch1.7.0update231

oracle jdkMatch1.7.0update231_b32

oracle jdkMatch1.7.0update241

oracle jdkMatch1.7.0update241_b31

oracle jdkMatch1.7.0update25

oracle jdkMatch1.7.0update25_b33

oracle jdkMatch1.7.0update25_b34

oracle jdkMatch1.7.0update25_b35

oracle jdkMatch1.7.0update251

oracle jdkMatch1.7.0update261

oracle jdkMatch1.7.0update271

oracle jdkMatch1.7.0update271_b31

oracle jdkMatch1.7.0update281

oracle jdkMatch1.7.0update281_b32

oracle jdkMatch1.7.0update281_b33

oracle jdkMatch1.7.0update291

oracle jdkMatch1.7.0update291_b31

oracle jdkMatch1.7.0update291_b32

oracle jdkMatch1.7.0update3

oracle jdkMatch1.7.0update301

oracle jdkMatch1.7.0update301_b31

oracle jdkMatch1.7.0update311_b31

oracle jdkMatch1.7.0update321

oracle jdkMatch1.7.0update321_b31

oracle jdkMatch1.7.0update331

oracle jdkMatch1.7.0update341

oracle jdkMatch1.7.0update341_b31

oracle jdkMatch1.7.0update343

oracle jdkMatch1.7.0update343_b31

oracle jdkMatch1.7.0update4

oracle jdkMatch1.7.0update40

oracle jdkMatch1.7.0update45

oracle jdkMatch1.7.0update45_b31

oracle jdkMatch1.7.0update45_b32

oracle jdkMatch1.7.0update45_b33

oracle jdkMatch1.7.0update45_b34

oracle jdkMatch1.7.0update5

oracle jdkMatch1.7.0update51

oracle jdkMatch1.7.0update51_b31

oracle jdkMatch1.7.0update51_b32

oracle jdkMatch1.7.0update51_b33

oracle jdkMatch1.7.0update55

oracle jdkMatch1.7.0update55_b31

oracle jdkMatch1.7.0update55_b32

oracle jdkMatch1.7.0update55_b33

oracle jdkMatch1.7.0update55_b35

oracle jdkMatch1.7.0update6

oracle jdkMatch1.7.0update60

oracle jdkMatch1.7.0update60_b32

oracle jdkMatch1.7.0update60_b33

oracle jdkMatch1.7.0update65

oracle jdkMatch1.7.0update65_b33

oracle jdkMatch1.7.0update67

oracle jdkMatch1.7.0update67_b31

oracle jdkMatch1.7.0update67_b34

oracle jdkMatch1.7.0update7

oracle jdkMatch1.7.0update7_b32

oracle jdkMatch1.7.0update71

oracle jdkMatch1.7.0update72

oracle jdkMatch1.7.0update72_b31

oracle jdkMatch1.7.0update72_b32

oracle jdkMatch1.7.0update72_b33

oracle jdkMatch1.7.0update75

oracle jdkMatch1.7.0update76

oracle jdkMatch1.7.0update76_b32

oracle jdkMatch1.7.0update76_b33

oracle jdkMatch1.7.0update76_b34

oracle jdkMatch1.7.0update76_b35

oracle jdkMatch1.7.0update76_b36

oracle jdkMatch1.7.0update76_b37

oracle jdkMatch1.7.0update76_b38

oracle jdkMatch1.7.0update79

oracle jdkMatch1.7.0update80

oracle jdkMatch1.7.0update80_b33

oracle jdkMatch1.7.0update80_b35

oracle jdkMatch1.7.0update85

oracle jdkMatch1.7.0update85_b31

oracle jdkMatch1.7.0update85_b33

oracle jdkMatch1.7.0update85_b34

oracle jdkMatch1.7.0update9

oracle jdkMatch1.7.0update9_b31

oracle jdkMatch1.7.0update9_b32

oracle jdkMatch1.7.0update91

oracle jdkMatch1.7.0update91_b17

oracle jdkMatch1.7.0update91_b32

oracle jdkMatch1.7.0update91_b33

oracle jdkMatch1.7.0update95

oracle jdkMatch1.7.0update95_b13

oracle jdkMatch1.7.0update95_b31

oracle jdkMatch1.7.0update95_b32

oracle jdkMatch1.7.0update97

oracle jdkMatch1.7.0update97_b31

oracle jdkMatch1.7.0update97_b32

oracle jdkMatch1.7.0update97_b33

oracle jdkMatch1.7.0update99

oracle jdkMatch1.7.0update99_b31

oracle jdkMatch1.8.0update181

oracle jdkMatch1.8.0update182

oracle jdkMatch1.8.0update191

oracle jdkMatch1.8.0update192

oracle jdkMatch1.8.0update20

oracle jdkMatch1.8.0update201

oracle jdkMatch1.8.0update202

oracle jdkMatch1.8.0update211

oracle jdkMatch1.8.0update212

oracle jdkMatch1.8.0update221

oracle jdkMatch1.8.0update231

oracle jdkMatch1.8.0update241

oracle jdkMatch1.8.0update25

oracle jdkMatch1.8.0update251

oracle jdkMatch1.8.0update252

oracle jdkMatch1.8.0update261

oracle jdkMatch1.8.0update271

oracle jdkMatch1.8.0update281

oracle jdkMatch1.8.0update291

oracle jdkMatch1.8.0update301

oracle jdkMatch1.8.0update31

oracle jdkMatch1.8.0update311

oracle jdkMatch1.8.0update321

oracle jdkMatch1.8.0update331

oracle jdkMatch1.8.0update333

oracle jdkMatch1.8.0update341

oracle jdkMatch1.8.0update345enterprise_performance_pack

oracle jdkMatch1.8.0update40

oracle jdkMatch1.8.0update45

oracle jdkMatch1.8.0update5

oracle jdkMatch1.8.0update51

oracle jdkMatch1.8.0update6

oracle jdkMatch1.8.0update60

oracle jdkMatch1.8.0update65

oracle jdkMatch1.8.0update66

oracle jdkMatch1.8.0update71

oracle jdkMatch1.8.0update72

oracle jdkMatch1.8.0update73

oracle jdkMatch1.8.0update74

oracle jdkMatch1.8.0update77

oracle jdkMatch1.8.0update91

oracle jdkMatch1.8.0update92

[
  {
    "product": "WebLogic Server",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "10.3.6.0.0"
      },
      {
        "status": "affected",
        "version": "12.1.3.0.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.4.0"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpuapr2020.html

21 Nov 2024 05:26Current

9.2High risk

Vulners AI Score9.2

CVSS 27.5

CVSS 3.19.8

CVSS 39.8

EPSS0.0449

SSVC