Lucene search
Quynh Le of VNPT ISCZDI-20-885HistoryJul 20, 2020 - 12:00 a.m.
Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability
2020-07-2000:00:00
Quynh Le of VNPT ISC
www.zerodayinitiative.com
37
EPSS
0.516
Percentile
97.6%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the aspectjweaver library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account.
Related
nvd
nvd
CVE-2020-14625
2020-07-15 18:15:27
cvelist
cvelist
CVE-2020-14625
2020-07-15 17:34:30
vulnrichment
vulnrichment
CVE-2020-14625
2020-07-15 17:34:30
prion
prion
Design/Logic Flaw
2020-07-15 18:15:00
cve
cve
CVE-2020-14625
2020-07-15 18:15:27
checkpoint_advisories
checkpoint_advisories
Oracle WebLogic Server Insecure Deserialization (CVE-2020-14625)
2020-09-02 00:00:00
nessus
nessus
Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)
2020-07-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00