VDB

CVE-2020-14841

CVE-2020-14841 PUBLISHED CVSS 9.800000190734863 CRITICAL

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

EPSS 13.49% · 94.4th percentile

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
13.49%
94.4th percentile

Affected Products

VendorProductVersions
Oracle CorporationWebLogic Server14.1.1.0.0, 10.3.6.0.0, 12.1.3.0.0
oracleweblogic_server10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0

Exploit Intelligence

Timeline

  • Oct 21, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 28, 2022 PoC Published
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 9, 2023 EPSS Score
  • Mar 23, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›