## https://sploitus.com/exploit?id=SAINT:880C926D2511DE57F08789A66AFE11F2
Added: 05/27/2020
CVE: [CVE-2020-2555](<https://vulners.com/cve/CVE-2020-2555>)
### Background
[Oracle WebLogic Server](<http://www.bea.com/framework.jsp?CNT=index.htm&FP=/content/products/weblogic/>) (formerly BEA WebLogic Server) is a Java web application platform.
### Problem
A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized `BadAttributeValueExpException` object over the T3 protocol.
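For detection, the following added example (not part of the original advisory and not Oracle or SAINT code) heuristically scans captured payload bytes for a Java serialization stream header and reports class descriptors that name the class mentioned above. The function names, the framing bytes and the sample payloads are constructed for illustration; it is a byte-level heuristic, not a full stream parser.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # Java serialization stream header (magic + version)
TC_CLASSDESC = 0x72                  # tag that precedes a class descriptor
NAME_RE = re.compile(rb"[A-Za-z_$\[][\w.$;\[]*")
# Fully qualified name of the class named in the advisory.
WATCHED = {"javax.management.BadAttributeValueExpException"}

def find_class_descriptors(payload: bytes) -> list[tuple[int, str]]:
    """Heuristic scan: return (offset, class name) pairs seen after a stream header."""
    found = []
    start = payload.find(STREAM_MAGIC)
    if start == -1:
        return found
    i = start + len(STREAM_MAGIC)
    while i + 3 <= len(payload):
        if payload[i] == TC_CLASSDESC:
            (length,) = struct.unpack_from(">H", payload, i + 1)
            raw = payload[i + 3 : i + 3 + length]
            if len(raw) == length and NAME_RE.fullmatch(raw):
                found.append((i, raw.decode("ascii")))
                i += 3 + length      # skip the name so its bytes are not rescanned
                continue
        i += 1
    return found

def flag_payload(payload: bytes) -> list[str]:
    """Return watched class names present in the payload, in order of appearance."""
    return [name for _, name in find_class_descriptors(payload) if name in WATCHED]

def build_sample(class_name: str) -> bytes:
    """Constructed test input: arbitrary framing bytes, then a minimal object header."""
    name = class_name.encode("ascii")
    return (b"\x00\x00\x00\x30" + STREAM_MAGIC + b"\x73" + bytes([TC_CLASSDESC])
            + struct.pack(">H", len(name)) + name + b"\x00" * 8 + b"\x02\x00\x00\x78\x70")

if __name__ == "__main__":
    for label in ("javax.management.BadAttributeValueExpException", "java.util.HashMap"):
        hits = flag_payload(build_sample(label))
        print(f"{label}: {'ALERT ' + ', '.join(hits) if hits else 'no watched class'}")
```

A hit means only that the class name appears in a serialized stream, so treat it as a triage signal to correlate with the patch level of the receiving server.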
### Resolution
Apply the patch referenced in [Oracle Critical Patch Update Advisory - January 2020](<https://www.oracle.com/security-alerts/cpujan2020.html>).
### References
<https://www.oracle.com/security-alerts/cpujan2020.html>
### Limitations
Exploit works on Oracle WebLogic Server 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0 on Windows.
### Platforms
Windows