CVE-2020-14644β€”Oracle WebLogic Server Remote Code Execution Vulnerability

PUBLISHEDvulnerability record
2024-09-18 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2020-14644
Project:
Oracle
Product:
WebLogic Server
Date Added:
2024-09-18
Due Date:
2024-10-09
Last Updated:
June 21, 2025

Vulnerability Name

Oracle WebLogic Server Remote Code Execution Vulnerability

Description

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related News Articles