VDB

GSD-2020-14644

GSD-2020-14644 PUBLISHED CVSS 9.800000190734863 CRITICAL

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Risk Scores

CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
oracleweblogic_server12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Oracle CorporationWebLogic Server12.2.1.3.0, 14.1.1.0.0, 12.2.1.4.0

Timeline

  • Jul 14, 2020 CVE Published
  • Sep 20, 2024 PoC Published
  • Feb 23, 2025 PoC Published
  • Aug 18, 2025 PoC Published
  • Aug 19, 2025 PoC Published
  • Nov 6, 2025 PoC Published
  • Feb 2, 2026 PoC Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›