漏洞描述
Oracle官方在2020年10月份发布的最新安全补丁中修复了许多安全漏洞,其中黑名单类oracle.eclipselink.coherence.integrated.internal.cache.LockVersionExtractor可造成反序列化漏洞。该漏洞允许未经身份验证的攻击者通过IIOP,T3进行网络访问,未经身份验证的攻击者成功利用此漏洞可能接管OracleWeblogic Server。
Weblogic LockVersionExtractor反序列化漏洞(CVE-2020-14825)
PoC代码
暂无相关漏洞推荐
-
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC
2025-09-01 | LimeSurveyLimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a... -
CVE-2020-11738: WordPress Duplicator plugin Directory Traversal POC
2025-09-01 | WordPress DuplicatorThe issue is being actively exploited, and allows attackers to download arbitrary files, such as the... -
CVE-2020-11991: Apache Cocoon 2.1.12 XML Injection POC
2025-09-01 | Apache CocoonApache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code pars... -
CVE-2020-13379: Grafana 3.0.1-7.0.1 - Server-Side Request Forgery POC
2025-09-01 | GrafanaGrafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, wh...