Lucene search
K

Oracle WebLogic Server - Remote Code Execution

🗓️ 25 Jun 2026 01:31:50Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 174 Views

Oracle WebLogic Server - Remote Code Execution vulnerability foun

Related
Refs
Code
ReporterTitlePublishedViews
Family
Gitee
Exploit for CVE-2020-2551
19 Jun 202014:05
gitee
Gitee
Exploit for CVE-2020-2551
2 Mar 202014:57
gitee
Gitee
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
8 Dec 202020:38
gitee
Gitee
Exploit for CVE-2020-2551
31 Aug 202001:22
gitee
Gitee
Exploit for Code Injection in Microsoft
27 Nov 202010:59
gitee
Gitee
Exploit for CVE-2020-2551
28 Jul 202009:36
gitee
Gitee
Exploit for CVE-2020-2551
8 Dec 202016:37
gitee
Gitee
Exploit for CVE-2020-2551
20 Jun 202017:04
gitee
Gitee
Exploit for CVE-2020-2551
19 May 202010:45
gitee
Gitee
Exploit for Code Injection in Microsoft
25 Nov 202023:04
gitee
Rows per page
id: CVE-2020-2551

info:
  name: Oracle WebLogic Server - Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: |
    Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Apply the latest security patches provided by Oracle to mitigate this vulnerability.
  reference:
    - https://github.com/hktalent/CVE-2020-2551
    - https://nvd.nist.gov/vuln/detail/CVE-2020-2551
    - https://www.oracle.com/security-alerts/cpujan2020.html
    - https://github.com/neilzhang1/Chinese-Charts
    - https://github.com/pjgmonteiro/Pentest-tools
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-2551
    epss-score: 0.93168
    epss-percentile: 0.99819
    cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: oracle
    product: weblogic_server
    shodan-query:
      - http.title:"oracle peoplesoft sign-in"
      - product:"oracle weblogic"
    fofa-query: title="oracle peoplesoft sign-in"
    google-query: intitle:"oracle peoplesoft sign-in"
  tags: cve2020,cve,oracle,weblogic,rce,unauth,kev,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/console/login/LoginForm.jsp"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "10.3.6.0"
          - "12.1.3.0"
          - "12.2.1.3"
          - "12.2.1.4"
        condition: or

      - type: word
        part: body
        words:
          - "WebLogic"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502206432fa391dfc51597d61c15b32e3c8d1d65f440958e8b8d0cdbbd5ff94454e6b022100ca8fa374be2267ba218c0942aeb7d1399bc963a5a80e9f192d7c4ef37d7230b9:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
8.1High risk
Vulners AI Score8.1
CVSS 27.5
CVSS 3.19.8
CVSS 39.8
EPSS0.93168
SSVC
174