VID |
22989 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
Servlet |
Detailed Description |
The remote Oracle WebLogic Server is version 12.2.1.3.0, 12.2.1.4.0, or 14.1.1.0.0; therefore, the following vulnerabilities exist.
- An easily exploitable vulnerability allows an unauthenticated attacker with network access via IIOP or T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2020-14625, CVE-2020-14644, CVE-2020-14825)
- An easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2020-14882, CVE-2021-2109)
* References: https://www.oracle.com/security-alerts/cpujul2020.html https://www.zerodayinitiative.com/advisories/ZDI-20-885/
* Platforms Affected: WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
Recommendation |
Upgrade WebLogic Server 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 to a later version |
Related URL |
CVE-2020-14625, CVE-2020-14644, CVE-2020-14882, CVE-2020-14825, CVE-2021-2109 (CVE) |