Vulnerability identifier: #VU48016

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-14882

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 41

• July 19, 2023
  • CVE-2020-14882 (This script allows for remote code execution (RCE) on Oracle WebLogic Server) [Github]
• April 28, 2023
  • CVE-2020-14882 (CVE-2020-14882 rewritten in PowerShell) [Github]
• April 11, 2023
  • CVE-2020-14882 () [Github]
• February 26, 2023
  • CVE-2020-14882_ALL (综合利用工具) [Github]
• January 2, 2023
  • CVE-2020-14882- () [Github]
• September 26, 2022
  • StudyRoom ( Repository created for study and POC's on vulnerabilities.) [Github]
• March 14, 2022
  • CVE-2020-14882 (CVE-2020-14882部署冰蝎内存马) [Github]
• December 16, 2021
  • CVE-2020-14882 (CVE-2020-14882 Weblogic-Exp) [Github]
• July 4, 2021
  • CVE-2020-14882-14883 (结合14882的未授权访问漏洞，通过14883可远程执行任意代码) [Github]
• May 12, 2021
  • CVE-2020-14882-WebLogic (Check YouTube - https://youtu.be/O0ZnLXRY5Wo) [Github]
  • CodeTest (CodeTest信息收集和漏洞利用工具，可在进行渗透测试之时方便利用相关信息收集脚本进行信息的获取和验证工作，漏洞利用模块可选择需要测试的漏洞模块，或者选择所有模块测试，包含CVE-2020-14882, CVE-2020-2555等，可自己收集脚本后按照模板进行修改。) [Github]
• April 12, 2021
  • cve-exploits () [Github]
• March 18, 2021
  • PocList (Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongy [Github]
• February 25, 2021
  • CVE-2020-14882 (CVE-2020-14882) [Github]
• January 31, 2021
  • CVE-2020-14882-WebLogic () [Github]
• January 28, 2021
  • CVE-2020-14882 (CVE-2020-14882部署冰蝎内存马) [Github]
• January 27, 2021
  • Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated) [Exploit-DB]
• January 18, 2021
  • poc (CVE-2020-14882) [Github]
• November 30, 2020
  • -Patched-McMaster-University-Blind-Command-Injection ((patched) This targets McMaster University's website and takes advantage of CVE-2020-14882 in the outdated version of WebLogic Server (12.2.1.3.0), which is present in the university's subdomains, mosa [Github]
• November 18, 2020
  • Oracle WebLogic Server Administration Console Handle RCE [Metasploit]
• November 17, 2020
  • CVE-2020-14882-weblogicRCE (Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 / CVE-2020-14750) [Github]
• November 13, 2020
  • CVE-2020-14882 () [Github]
• November 11, 2020
  • CVE-2020-14882-GUI-Test (基于qt的图形化CVE-2020-14882漏洞回显测试工具.) [Github]
• November 10, 2020
  • CVE-2020-14882 ([CVE-2020-14882] Oracle WebLogic Server Authentication Bypass) [Github]
  • CVE-2020-14882 () [Github]
• November 6, 2020
  • cve-2020-14882 () [Github]
• November 4, 2020
  • CVE-2020-14882 (CVE-2020-14882/14883/14750) [Github]
• November 3, 2020
  • cve-2020-14882 (CVE-2020-14882 EXP 回显) [Github]
  • McMaster-University-0-day-Blind-Command-Injection ((patched) This targets McMaster University's website and takes advantage of CVE-2020-14882 in the outdated version of WebLogic Server (12.2.1.3.0), which is present in the university's subdomains, mosaic. [Github]
  • cve-2020-14882 (Bash script to exploit the Oracle's Weblogic Unauthenticated Remote Command Execution - CVE-2020-14882) [Github]
  • CVE-2020-14882 () [Github]
  • Weblogic_Unauthorized-bypass-RCE ((CVE-2020-14882) Oracle Weblogic Unauthorized bypass RCE test script) [Github]
  • falcon (Collection of exploits that were verified by an automated system) [Github]
  • CVE-2020-14882 (CVE-2020-14882批量验证工具。) [Github]
  • CVE-2020-14882_POC (CVE-2020-14882批量验证工具。) [Github]
  • CVE-2020-14882-checker (CVE-2020-14882 detection script) [Github]
  • CVE-2020-14882_ALL (CVE-2020-14882_ALL综合利用工具，支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。) [Github]
• October 30, 2020
  • CVE-2020-14882 (CVE-2020–14882、CVE-2020–14883) [Github]
  • WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request [Exploit-DB]
  • CVE-2020-14882 (CVE-2020–14882 by Jang) [Github]
  • CVE-2020-14882 (CVE-2020-14882 Weblogic-Exp) [Github]

Impact: Code execution

Vulnerable software:
Oracle WebLogic Server
Server applications / Application servers

Vendor: Oracle