238 matches found
Server side request forgery (ssrf)
SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...
CVE-2020-6282
CVE-2020-6282 affects SAP NetWeaver AS JAVA (IIOP service) in SERVERCORE and CORE-TOOLS across SAP NetWeaver JAVA versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The vulnerability enables Server-Side Request Forgery (SSRF) by sending a crafted request from a vulnerable web application, typical...
Oracle Coherence (Apr 2020 CPU)
The version of the tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities, as referenced in the April 2020 Oracle CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Caching,...
IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. The issue results from the lack of proper...
IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. The issue results from the lack of proper validation of...
Exploit for CVE-2020-2551
WebLogic-CVE-2020-2551-To-Internet CVE-2020-2551: POC fo...
Exploit for CVE-2020-2551
CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...
CVE-2020-2884
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...
CVE-2020-2884
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...
CVE-2020-2883
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...
CVE-2020-2801
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...
Code injection
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...
Design/Logic Flaw
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Caching, CacheStore, Invocation. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Design/Logic Flaw
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via IIOP, T3 to...
Design/Logic Flaw
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...
CVE-2020-2963
CVE-2020-2963 affects Oracle WebLogic Server (Web Services component). Affected versions: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. Root cause involves insecure handling of WebLogic Web Services requests over IIOP/T3, enabling a high-privilege attacker with network access to compromise the ...
CVE-2020-2915
CVE-2020-2915 affects Oracle Coherence within Oracle Fusion Middleware (Caching, CacheStore, Invocation). Affected versions are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The issue allows an unauthenticated attacker with network access via IIOP/T3 to compromise Oracle Coherence, potentially tak...
CVE-2020-2884
CVE-2020-2884 affects Oracle WebLogic Server (Core) in Oracle Fusion Middleware. Affected versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. The vulnerability enables unauthenticated remote compromise over IIOP/T3, with the potential takeover of WebLogic Server (high/critical impact ...
CVE-2020-2883
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...
CVE-2020-2884
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...