Oracle WebLogic Server Remote Code Execution Vulnerability

Added Sept. 18, 2024 • Due Oct. 9, 2024 • CVE-2020-14644

Overdue Oracle / WebLogic Server

Description

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://www.oracle.com/security-alerts/cpujul2020.html
https://nvd.nist.gov/vuln/detail/CVE-2020-14644

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 7 months, 2 weeks ago