{"vulnerability": "CVE-2020-14645", "sightings": [{"uuid": "00afddf3-5b45-4ad4-9bca-d6894532371c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-14645", "type": "seen", "source": "https://t.me/arpsyndicate/265", "content": "#ExploitObserverAlert\n\nCVE-2020-14645\n\nDESCRIPTION: Exploit Observer has 34 entries related to CVE-2020-14645. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n\nFIRST-EPSS: 0.040850000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-19T14:34:54.000000Z"}, {"uuid": "54f971db-c9c8-457e-8c81-8b58ce0af331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-14645", "type": "published-proof-of-concept", "source": "https://t.me/cKure/1374", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()\n\nhttps://github.com/Y4er/CVE-2020-14645", "creation_timestamp": "2020-07-20T09:17:31.000000Z"}, {"uuid": "fe725542-b519-4def-9d00-da49dc429004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-14645", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1452", "content": "#exploit\nCVE-2020-14645:\nOracle WebLogic Server / Fusion Middleware (Core) versions 10.3.6, 12.1.3, 12.2.1.3, 12.2.1.4, 14.1.1 - Unauthenticated network access via IIOP, T3 to compromise Oracle WebLogic Server\n]-> PoC (Weblogic UniversalExtractor JNDI injection getDatabaseMetaData() ):\nhttps://github.com/Y4er/CVE-2020-14645", "creation_timestamp": "2022-06-19T21:49:23.000000Z"}]}