WARNING: PROOF OF EXPLOIT FOR A REMOTE CODE EXECUTION VULNERABILITY IN ORACLE WEBLOGIC SERVER
Reference:
Advisory #2024-19
Version:
1.0
Affected software:
Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0
Type:
Remote Code Execution (RCE)
CVE/CVSS:
CVE-2024-20931
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Base Score: 7.5
Date:
06/02/2024
Sources
Risks
A proof-of-concept (PoC) has been disclosed for CVE 2024 20931, a remote code execution vulnerability affecting Oracle WebLogic Server. Successful exploitation of this vulnerability could result to sensitive information disclosure. This poses a significant threat on confidentiality of information security.
The released of the exploit, could enable an attacker to exploit the vulnerability more effectively. However, no exploitation has yet been observed.
Description
CVE 2024 20931 is a remote code execution vulnerability in Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). This vulnerability could allow an unauthenticated attacker with network access via T3 (proprietary WebLogic protocol), IIOP (Internet Inter-ORB protocol) to compromise affected servers, which may result to unauthorized access of critical data or full access to all data of Oracle WebLogic Server.
A public Proof-of-Concept (PoC) is available for this vulnerability:
This could potentially enable malicious attackers to exploit this vulnerability.
Recommended Actions
The Centre for Cybersecurity Belgium recommends system administrators to patch vulnerable systems as soon as possible and to analyze system and network logs for any suspicious activity. Organizations should investigate if they suspect an intrusion attempt.