COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2020-14644

CVE-2020-14644

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-09-18
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-14644
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.

Players implicated

Oracle · vendorWebLogic Server · product

Description

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.

Affected FedRAMP products 10 in the catalog

ProductProviderStatusMatch
Aconex for Defense Oracle Authorized vendor-exact · 0.90
Federal Managed Cloud Services Oracle Authorized vendor-exact · 0.90
Fusion Cloud Oracle Authorized vendor-exact · 0.90
Government Cloud - Common Controls Oracle Authorized vendor-exact · 0.90
Oracle Cloud Infrastructure-Government Cloud Oracle Authorized vendor-exact · 0.90
Oracle Enterprise Performance Management (EPM) Oracle Authorized vendor-exact · 0.90
Oracle Enterprise Performance Management (EPM) - Moderate Oracle In Process vendor-exact · 0.90
Oracle Service Cloud Oracle Authorized vendor-exact · 0.90
Oracle Service Cloud (DOD) Oracle Authorized vendor-exact · 0.90
Taleo Cloud - U.S. Government Cloud Oracle Authorized vendor-exact · 0.90