Oracle Weblogic - Path Traversal (CVE-2020-14882)
- CVSSv3 Score
- Vulnerability description
Oracle WebLogic is affected by a path traversal vulnerability in the Console component of Oracle WebLogic Server. The flaw is caused by an improperly configured path traversal blacklist applied to the request URL in a handler class of the WebLogic HTTP access layer. By exploiting it, an attacker can bypass authentication for the console component and submit commands through an MVEL expression, which can lead to remote code execution: an unauthenticated remote attacker may execute arbitrary code on the server.
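The description above turns on a URL blacklist that can be sidestepped by encoded traversal sequences. As an added illustration for defenders (not code from the page or from Oracle), the script below scans web access-log lines for path traversal aimed at the `/console/` path. It decodes the request target repeatedly, so single- and double-percent-encoded `..` segments are both normalised before the check, which is the step a single-pass blacklist gets wrong. The log lines, IP addresses and the `protected/page` path are constructed placeholders, and the normalisation routine is this example's own heuristic rather than WebLogic's handler logic.

```python
"""Flag encoded path-traversal requests against the WebLogic console in access logs.

Added example for detection, assumes combined-log-style lines; sample data is constructed.
"""
import re
from urllib.parse import unquote

# Constructed sample lines in combined-log style; none of this is real traffic.
# "protected/page" is a placeholder target, not a real WebLogic resource.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Oct/2020:10:01:02 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 4821
10.0.0.7 - - [28/Oct/2020:10:01:09 +0000] "GET /console/css/%2e%2e/%2e%2e/protected/page HTTP/1.1" 200 1200
10.0.0.7 - - [28/Oct/2020:10:01:15 +0000] "GET /console/images/%252e%252e/protected/page?x=1 HTTP/1.1" 200 1200
10.0.0.9 - - [28/Oct/2020:10:02:00 +0000] "GET /static/../css/site.css HTTP/1.1" 200 300
10.0.0.9 - - [28/Oct/2020:10:02:03 +0000] "POST /console/j_security_check HTTP/1.1" 302 0
"""

# Minimal parser for the fields this check needs: client IP, timestamp, method, target.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def normalize_path(raw, max_rounds=3):
    """Drop the query string, fold backslashes, and percent-decode until stable.

    Repeated decoding is the point: a blacklist that decodes only once never
    sees the '..' hidden inside '%252e%252e'.
    """
    path = raw.split("?", 1)[0].replace("\\", "/")
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_traversal(path):
    """True when any path segment is a literal '..' after normalisation."""
    return ".." in path.split("/")


def is_console_path(path):
    """True for requests routed to the console component."""
    return path.lower().startswith("/console/")


def scan_log(text):
    """Return one finding per request whose normalised path contains traversal."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        raw = m.group("target")
        path = normalize_path(raw)
        if has_traversal(path):
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "raw": raw,
                "decoded": path,
                "console": is_console_path(path),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        tag = "CONSOLE" if f["console"] else "other"
        print(f"{f['ts']} {f['ip']} [{tag}] {f['raw']} -> {f['decoded']}")
```

Run against real logs, the `console` flag separates traversal attempts that reach the console component (the case this advisory concerns) from ordinary relative-path noise elsewhere on the server; both are worth a look, but the former should be correlated with the patch level of the host.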
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the Oracle WebLogic server to steal confidential information, install ransomware, or pivot to the internal network.
- Recommendation
Upgrade Oracle WebLogic to the latest version.
- Not available