Oracle WebLogic Authentication Bypass (CVE-2020-14883)

Severity:

High

Summary

Invicti identified the Oracle WebLogic Authentication Bypass (CVE-2020-14883) in the target web server.

Impact

An attacker can bypass authentication and gain access to the vulnerable WebLogic instance. Due to the high privileges acquired, an attacker can carry out any administrative action and take complete control over the application.

Exploit of the vulnerability is known widely and should be addressed as soon as possible.

Remediation

In order to patch this vulnerability, please install the official patch Oracle made available for supported, vulnerable instances.

Required Skills for Successful Exploitation

Actions To Take

Classifications

CWE-288

OWASP 2013-A2

OWASP 2017-A2

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Weak Secret is Used to Sign JWT

JWT Forgery via Chaining Jku Parameter with Open Redirect

Oracle WebLogic Authentication Bypass (CVE-2020-14883)

JWT Signature Bypass via None Algorithm

JWT Signature is not Verified

Oracle WebLogic Authentication Bypass (CVE-2020-14883)

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.