CVE-2020-14882CISA KEV: Actively Exploited

Oracle WebLogic Server Remote Code Execution Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750.

Public Exploits & PoCs30 found

PoC: CVE-2020-14882

CVE-2020–14882、CVE-2020–14883

257

PoC: CVE-2020-14882_ALL

CVE-2020-14882_ALL综合利用工具,支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。

118

PoC: CVE-2020-14882_Exploit_Gui

CVE-2020-14882_Exploit 支持12.2.X和10.3.6版本,12.2.x可回显

65

PoC: CVE-2020-14882

CVE-2020–14882 by Jang

28

PoC: CVE-2020-14882

CVE-2020-14882/14883/14750

16

PoC: CVE-2020-14882

CVE-2020-14882 Weblogic-Exp

15

PoC: CVE-2020-14882_POC

CVE-2020-14882批量验证工具。

14

PoC: CVE-2020-14882

CVE-2020-14882部署冰蝎内存马

8

PoC: cve-2020-14882

CVE-2020-14882 EXP 回显

8

PoC: CVE-2020-14882-weblogicRCE

Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 / CVE-2020-14750

6

PoC: CVE-2020-14882

CVE-2020-14882

4

PoC: Weblogic_Unauthorized-bypass-RCE

(CVE-2020-14882) Oracle Weblogic Unauthorized bypass RCE test script

4

PoC: CVE-2020-14882

[CVE-2020-14882] Oracle WebLogic Server Authentication Bypass

3

PoC: CVE-2020-14882-WebLogic

Check YouTube - https://youtu.be/O0ZnLXRY5Wo

2

PoC: CodeTest

CodeTest信息收集和漏洞利用工具,可在进行渗透测试之时方便利用相关信息收集脚本进行信息的获取和验证工作,漏洞利用模块可选择需要测试的漏洞模块,或者选择所有模块测试,包含CVE-2020-14882, CVE-2020-2555等,可自己收集脚本后按照模板进行修改。

2

PoC: CVE-2020-14882-GUI-Test

基于qt的图形化CVE-2020-14882漏洞回显测试工具.

2

PoC: cve-2020-14882

Bash script to exploit the Oracle's Weblogic Unauthenticated Remote Command Execution - CVE-2020-14882

2

PoC: CVE-2020-14882-14883

结合14882的未授权访问漏洞,通过14883可远程执行任意代码

1

PoC: CVE-2020-14882-checker

CVE-2020-14882 detection script

1

PoC: CVE-2020-14882

PoC for testing if a target is vulnerable to RCE

PoC: Blackash-CVE-2020-14882

CVE-2020-14882

PoC: CVE-2020-14882

CVE-2020-14882

PoC: weblogic-cve-2020-14882

This is a repository that aims to provide research material on CVE-2020-14882 as part of a project in partial fullfilment of ACS EDU Program.

PoC: CVE-2020-14882

Takeover of Oracle WebLogic Server

PoC: CVE-2020-14882

This script allows for remote code execution (RCE) on Oracle WebLogic Server

PoC: CVE-2020-14882

CVE-2020-14882 rewritten in PowerShell

PoC: CVE-2020-14882_ALL

综合利用工具

PoC: CVE-2020-14882_ALL

综合利用工具

PoC: CVE-2020-14882

CVE-2020-14882部署冰蝎内存马

PoC: -Patched-McMaster-University-Blind-Command-Injection

(patched) This targets McMaster University's website and takes advantage of CVE-2020-14882 in the outdated version of WebLogic Server (12.2.1.3.0), which is present in the university's subdomains, mosaic.mcmaster.ca and epprd.uts.mcmaster.ca.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free