PT-2020-2533 · Oracle · Oracle WebLogic Server
Authors: Fangrun Li and 3 others
Published: 2020-04-15 · Updated: 2022-10-14
CVE-2020-2963
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
Description
The vulnerability stems from insufficient access control in the Web Services component of Oracle WebLogic Server. A remote attacker can exploit it over the IIOP and T3 network protocols to gain full control of the application; a successful attack results in the takeover of Oracle WebLogic Server.
Recommendations
For versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0, update to a version that includes the fix for this issue.
As a temporary workaround until the patch can be applied, restrict access to the Web Services component, which is reached over the IIOP and T3 protocols.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Oracle WebLogic Server