## https://sploitus.com/exploit?id=SAINT:50889C53D3A04E98F4F7E31365C75978
Added: 05/27/2020
CVE: [CVE-2020-2555](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2555>)
### Background
[Oracle WebLogic Server](<http://www.bea.com/framework.jsp?CNT=index.htm&FP=/content/products/weblogic/>) (formerly BEA WebLogic Server) is a Java web application platform.
### Problem
A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized `BadAttributeValueExpException` object over the T3 protocol.
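For detection, the class named above can be looked for in captured T3 payload bytes. The following is an added example, not part of the original advisory or of any Oracle or SAINT code: it walks the bytes after the Java serialization stream magic, extracts class descriptor names, and flags the fully qualified JDK name `javax.management.BadAttributeValueExpException`. The function names, the sample buffers and their framing bytes are constructed for illustration.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # Java serialization stream magic + version
TC_CLASSDESC = 0x72                  # tag that introduces a class descriptor
SUSPECT = {"javax.management.BadAttributeValueExpException"}
_NAME = re.compile(r"^\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?$", re.ASCII)

def class_names(buf: bytes) -> list[str]:
    """Return class names from TC_CLASSDESC records found after the first stream magic."""
    start = buf.find(STREAM_MAGIC)
    if start < 0:
        return []
    names, i = [], start + len(STREAM_MAGIC)
    while i + 3 <= len(buf):
        if buf[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", buf, i + 1)   # big-endian name length
            end = i + 3 + n
            # A descriptor name is followed by an 8-byte serialVersionUID and a flags byte.
            if 0 < n <= 256 and end + 9 <= len(buf):
                name = buf[i + 3:end].decode("ascii", "replace")
                if _NAME.match(name):
                    names.append(name)
                    i = end + 9
                    continue
        i += 1
    return names

def flag(buf: bytes) -> list[str]:
    """Return the suspect class names declared in the payload, sorted."""
    return sorted(set(class_names(buf)) & SUSPECT)

def _desc(name: str) -> bytes:
    # Constructed descriptor: tag, length, name, dummy serialVersionUID, flags byte.
    raw = name.encode("ascii")
    return bytes([TC_CLASSDESC]) + struct.pack(">H", len(raw)) + raw + b"\x00" * 8 + b"\x02"

# Constructed sample buffers (arbitrary framing bytes, no object data; not real traffic).
_FRAME = b"\x00\x00\x00\x60" + b"\x01" * 12
SAMPLE_HIT = _FRAME + STREAM_MAGIC + b"\x73" + _desc("javax.management.BadAttributeValueExpException") + b"\x00\x00"
SAMPLE_CLEAN = _FRAME + STREAM_MAGIC + b"\x73" + _desc("java.util.HashMap") + b"\x00\x00"

if __name__ == "__main__":
    print("hit:  ", flag(SAMPLE_HIT))
    print("clean:", flag(SAMPLE_CLEAN))
```

`BadAttributeValueExpException` is an ordinary JDK class, so a match is a triage signal for inbound T3 traffic rather than proof of exploitation, and this byte scan cannot see inside TLS-wrapped connections.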
### Resolution
Apply the patch referenced in [Oracle Critical Patch Update Advisory - January 2020](<https://www.oracle.com/security-alerts/cpujan2020.html>).
### References
<https://www.oracle.com/security-alerts/cpujan2020.html>
### Limitations
Exploit works on Oracle WebLogic Server 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0 on Windows.
### Platforms
Windows