Lucene search
K

238 matches found

Prion
Prion
added 2020/07/14 1:15 p.m.25 views

Server side request forgery (ssrf)

SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...

5CVSS5.6AI score0.01148EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/07/14 12:30 p.m.52 views

CVE-2020-6282

CVE-2020-6282 affects SAP NetWeaver AS JAVA (IIOP service) in SERVERCORE and CORE-TOOLS across SAP NetWeaver JAVA versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The vulnerability enables Server-Side Request Forgery (SSRF) by sending a crafted request from a vulnerable web application, typical...

5.8CVSS5.6AI score0.01148EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/06/26 12:0 a.m.36 views

Oracle Coherence (Apr 2020 CPU)

The version of the tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities, as referenced in the April 2020 Oracle CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Caching,...

9.8CVSS7.2AI score0.01961EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2020/06/05 12:0 a.m.37 views

IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. The issue results from the lack of proper...

7.5CVSS0.8AI score0.03932EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/06/05 12:0 a.m.41 views

IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. The issue results from the lack of proper validation of...

9.8CVSS3AI score0.33937EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2020/05/24 2:56 a.m.178 views

Exploit for CVE-2020-2551

WebLogic-CVE-2020-2551-To-Internet CVE-2020-2551: POC fo...

9.8CVSS7.8AI score0.99448EPSS
Exploits83
Gitee
Gitee
added 2020/05/19 10:45 a.m.7 views

Exploit for CVE-2020-2551

CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...

9.8CVSS9.5AI score0.93168EPSS
Exploits18
NVD
NVD
added 2020/04/15 2:15 p.m.25 views

CVE-2020-2884

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...

9.8CVSS9.3AI score0.02232EPSS
Exploits0References1
OSV
OSV
added 2020/04/15 2:15 p.m.3 views

CVE-2020-2884

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...

9.8CVSS7.3AI score0.02232EPSS
Exploits0References1
NVD
NVD
added 2020/04/15 2:15 p.m.25 views

CVE-2020-2883

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...

9.8CVSS9.3AI score0.94928EPSS
Exploits11References5
OSV
OSV
added 2020/04/15 2:15 p.m.3 views

CVE-2020-2801

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...

9.8CVSS7.3AI score0.02569EPSS
Exploits0References1
Prion
Prion
added 2020/04/15 2:15 p.m.18 views

Code injection

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...

7.5CVSS9.1AI score0.02569EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/04/15 2:15 p.m.17 views

Design/Logic Flaw

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Caching, CacheStore, Invocation. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

7.5CVSS9.1AI score0.01961EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/04/15 2:15 p.m.14 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to...

6.5CVSS7.1AI score0.01384EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/04/15 2:15 p.m.12 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...

7.5CVSS9.1AI score0.02232EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/04/15 1:29 p.m.75 views

CVE-2020-2963

CVE-2020-2963 affects Oracle WebLogic Server (Web Services component). Affected versions: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. Root cause involves insecure handling of WebLogic Web Services requests over IIOP/T3, enabling a high-privilege attacker with network access to compromise the ...

7.2CVSS7AI score0.01384EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/04/15 1:29 p.m.168 views

CVE-2020-2915

CVE-2020-2915 affects Oracle Coherence within Oracle Fusion Middleware (Caching, CacheStore, Invocation). Affected versions are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The issue allows an unauthenticated attacker with network access via IIOP/T3 to compromise Oracle Coherence, potentially tak...

9.8CVSS9AI score0.01961EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/04/15 1:29 p.m.190 views

CVE-2020-2884

CVE-2020-2884 affects Oracle WebLogic Server (Core) in Oracle Fusion Middleware. Affected versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability enables unauthenticated remote compromise over IIOP/T3, with the potential takeover of WebLogic Server (high/critical impact ...

9.8CVSS9.1AI score0.02232EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2020/04/15 1:29 p.m.21 views

CVE-2020-2883

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...

9.8CVSS7.4AI score0.94928EPSS
Exploits11References4
Cvelist
Cvelist
added 2020/04/15 1:29 p.m.24 views

CVE-2020-2884

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...

9.8CVSS9.3AI score0.02232EPSS
Exploits0References1
Rows per page
Query Builder