KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2020-2883

PUBLISHED

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are...

Exploited in the wild Remote Low complexity No user interaction
Vendor
Oracle Corporation
Product
WebLogic Server
Published
Apr 15, 2020
EPSS

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

cisa nuclei_scanner metasploit nessus_scanner

CVSS scores

CVSS v3.0 9.8 Critical

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-01-07 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Jan 07, 2025

Scanner integrations

Scanner Reference Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2020/CVE-2020-2883.yaml Jun 01, 2026
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb Apr 28, 2025
Nessus https://www.tenable.com/plugins/nessus/138074 Mar 08, 2023

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

weblogic_deserialize_badattr_extcomp

metasploit · Created Unknown

Metasploit module for CVE-2020-2883

Al1ex/CVE-2020-2883

github · Created 2020-11-26 14:10:25 UTC · 5 stars

CVE-2020-2883

FancyDoesSecurity/CVE-2020-2883

github · Created 2020-10-14 23:12:39 UTC · 2 stars

MagicZer0/Weblogic_CVE-2020-2883_POC

github · Created 2020-05-13 09:56:48 UTC · 15 stars

Proof of concept for Weblogic CVE-2020-2883

Y4er/CVE-2020-2883

github · Created 2020-05-10 09:04:43 UTC · 176 stars

Weblogic coherence.jar RCE

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nessus

  • Added to KEVIntel

  • Detected by Metasploit

  • Detected by Nuclei