CVE-2020-2551
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 10, 2019
- Published Date
- January 15, 2020
- Last Updated
- September 30, 2024
- Vendor
- Oracle Corporation
- Product
- WebLogic Server
- Description
- Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS Scores
CVSS v3.0
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2023-11-16 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-2551.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
DaMinGshidashi/CVE-2020-2551
Type: github • Created: 2020-09-02 14:11:15 UTC • Stars: 0
Dido1960/Weblogic-CVE-2020-2551-To-Internet
Type: github • Created: 2020-05-24 02:56:12 UTC • Stars: 21
Y4er/CVE-2020-2551
Type: github • Created: 2020-02-28 08:46:21 UTC • Stars: 333
hktalent/CVE-2020-2551
Type: github • Created: 2020-01-19 13:01:32 UTC • Stars: 211
jas502n/CVE-2020-2551
Type: github • Created: 2020-01-18 07:08:06 UTC • Stars: 79