## https://sploitus.com/exploit?id=D7E0435A-B0DC-5738-9678-CCB2A1877CED
# 🔴 CVE-2020-14882: Oracle WebLogic Remote Code Execution (RCE)




---

**CVE-2020-14882** is a **critical remote code execution (RCE) vulnerability** in **Oracle WebLogic Server**, a popular Java-based application server used for building and deploying enterprise applications.

Here are the key details:

---

### ๐Ÿ” **Basic Information**

* **CVE ID:** CVE-2020-14882
* **Published:** October 2020
* **CVSS v3 Score:** 9.8 (Critical)
* **Affected Product:** Oracle WebLogic Server
* **Affected Versions:**

  * 10.3.6.0.0
  * 12.1.3.0.0
  * 12.2.1.3.0
  * 12.2.1.4.0
  * 14.1.1.0.0

---

### โš™๏ธ **Vulnerability Description**

CVE-2020-14882 exists due to **improper input validation** in the **WebLogic Server Administration Console** component.
An **unauthenticated attacker** can exploit this flaw **remotely over HTTP** by sending a specially crafted request to the vulnerable server.

If successful, the attacker gains **remote code execution (RCE)** on the server, allowing them to:

* Execute arbitrary commands on the host machine.
* Install backdoors or malware.
* Take full control of the affected WebLogic instance.

---

### 🧠 **Technical Overview**

* The issue resides in the **console component (`/console/`)** of WebLogic.
* It can be exploited via a **path traversal attack**, for example by accessing:



  ```
  /console/images/%252e%252e%252fconsole.portal
  ```



  (`%252e%252e%252f` is `../` URL-encoded twice; this double URL encoding bypasses authentication.)
* Once the attacker reaches the admin interface without credentials, they can execute arbitrary Java or system commands.







---

### โš ๏ธ **Exploitation in the Wild**

* Shortly after disclosure, **working exploits were released publicly**.
* Attackers began using it to deploy **cryptominers, ransomware, and webshells**.
* Oracle later released a fix for **CVE-2020-14750**, a bypass of the original patch for CVE-2020-14882.

---

### ๐Ÿ›ก๏ธ **Mitigation & Fix**

* **Apply Oracle's October 2020 Critical Patch Update (CPU)** immediately.
* **Restrict network access** to the WebLogic Admin Console (`/console/`) from untrusted networks.
* **Use Web Application Firewalls (WAF)** and **monitor logs** for suspicious encoded paths.
* Consider **upgrading WebLogic** to the latest supported version.
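
One way to implement the "monitor logs for suspicious encoded paths" step, as an added example that is not part of the original page or any Oracle tooling: it percent-decodes each request path repeatedly and flags `/console/` requests where a `../` only appears after decoding. The combined-style access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined-style format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Nov/2020:10:00:01 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3412
10.0.0.9 - - [01/Nov/2020:10:00:07 +0000] "GET /console/images/%252e%252e%252fconsole.portal HTTP/1.1" 200 1021
10.0.0.9 - - [01/Nov/2020:10:00:09 +0000] "GET /console/css/%2e%2e%2fconsole.portal HTTP/1.1" 404 0
10.0.0.7 - - [01/Nov/2020:10:00:12 +0000] "GET /app/report%2520q3.pdf HTTP/1.1" 200 88120
"""

# Assumed log layout: client IP first, then a quoted "METHOD path HTTP/x.y", then status.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')
MAX_ROUNDS = 5  # cap on decode passes so deeply nested encoding cannot stall the scan


def decode_fully(path):
    """Percent-decode repeatedly until stable; return (decoded, passes_needed)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def is_suspicious(raw_path):
    """Flag /console/ requests whose path hides a '../' behind percent-encoding."""
    path = raw_path.split("?", 1)[0]  # ignore the query string
    decoded, rounds = decode_fully(path)
    under_console = decoded.lower().startswith("/console/")
    hidden_traversal = rounds >= 1 and "../" in decoded.replace("\\", "/")
    return under_console and hidden_traversal


def scan(log_text):
    """Return (client_ip, raw_path, status) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_suspicious(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


if __name__ == "__main__":
    for ip, path, status in scan(SAMPLE_LOG):
        print(f"{ip} {status} {path}")
```

A flagged request that returned status 200 deserves priority in triage, since it suggests the console page was actually served to the client.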

---