Vulnerability identifier: #VU48029

Vulnerability risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-14883

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 7

• July 4, 2021
  • CVE-2020-14882-14883 (结合14882的未授权访问漏洞，通过14883可远程执行任意代码) [Github]
• March 18, 2021
  • PocList (Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongy [Github]
• February 25, 2021
  • westone-CVE-2020-14883-scanner (A vulnerability scanner that detects CVE-2020-14883 vulnerabilities.) [Github]
• January 26, 2021
  • CVE-2020-14883EXP (用于对WebLogic(10.3.6.0.0 ;12.1.3.0.0 ;12.2.1.3.0; 12.2.1.4.0 ;14.1.1.0.0)进行验证及利用) [Github]
• November 18, 2020
  • Oracle WebLogic Server Administration Console Handle RCE [Metasploit]
• November 11, 2020
  • CVE-2020-14883 (Weblogic 身份认证绕过漏洞批量检测脚本) [Github]
• November 10, 2020
  • CVE-2020-14883 ([CVE-2020-14882] Oracle WebLogic Server Authenticated Remote Code Execution (RCE)) [Github]

Impact: Code execution

Vulnerable software:
Oracle WebLogic Server
Server applications / Application servers

Vendor: Oracle