Added: 05/27/2020
CVE: CVE-2020-2555
Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.
A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized **BadAttributeValueExpException**
object over the T3 protocol.
Apply the patch referenced in Oracle Critical Patch Update Advisory - January 2020.
<https://www.oracle.com/security-alerts/cpujan2020.html>
Exploit works on Oracle WebLogic Server 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0 on Windows.
Windows