CVE-2020-2801

ID: NVD:CVE-2020-2801
Source: NVD (web.nvd.nist.gov)
Date: 2020-04-15 14:15:28

CVSS2: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.3
Confidence: High

EPSS: 0.046
Percentile: 92.6%

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. Note: The patch for this issue will address the vulnerability only if the WLS instance is using JDK 1.7.0_191 or later, or JDK 1.8.0_181 or later. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected configurations

NVD node:
oracle weblogic_server, match 10.3.6.0.0
OR
oracle weblogic_server, match 12.1.3.0.0
OR
oracle weblogic_server, match 12.2.1.3.0
OR
oracle weblogic_server, match 12.2.1.4.0

| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | weblogic_server | 10.3.6.0.0 | cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* |
| oracle | weblogic_server | 12.1.3.0.0 | cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* |
| oracle | weblogic_server | 12.2.1.3.0 | cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* |
| oracle | weblogic_server | 12.2.1.4.0 | cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* |
| oracle | jdk | 1.7.0 | cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:* |
| oracle | jdk | 1.7.0 | cpe:2.3:a:oracle:jdk:1.7.0:update191_b31:*:*:*:*:*:* |
| oracle | jdk | 1.7.0 | cpe:2.3:a:oracle:jdk:1.7.0:update191_b32:*:*:*:*:*:* |
| oracle | jdk | 1.7.0 | cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:* |
| oracle | jdk | 1.7.0 | cpe:2.3:a:oracle:jdk:1.7.0:update201:*:*:*:*:*:* |
| oracle | jdk | 1.7.0 | cpe:2.3:a:oracle:jdk:1.7.0:update201_b31:*:*:*:*:*:* |