Cyber Resilience

CVE-2020-2883

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 15 April 2020
Modified: 27 October 2025
KEV Added: 07 January 2025
Patch: available (Oracle April 2020 Critical Patch Update)
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9437 (100.0th percentile)
Risk Priority: 96 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-2883 is a critical-severity vulnerability of unspecified weakness type (no CWE assigned) in Oracle WebLogic Server. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2020-2883 is a vulnerability in the Core component of Oracle WebLogic Server within Oracle Fusion Middleware. It affects supported versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0. The flaw is reachable over the network through IIOP or T3 protocols and carries a CVSS 3.1 base score of 9.8 with full impacts to confidentiality, integrity, and availability.

An unauthenticated attacker with network access can exploit the issue to achieve remote takeover of the WebLogic Server instance. No user interaction or credentials are required, making the attack surface broad for any exposed server.

Oracle's April 2020 Critical Patch Update addresses the vulnerability, and separate Zero Day Initiative advisories (ZDI-20-504 and ZDI-20-570) provide additional technical detail on the flaw. Public exploit artifacts referencing deserialization remote code execution have also been posted to Packet Storm.

The combination of an unauthenticated network vector, critical severity, and readily available proof-of-concept material indicates the issue is of immediate concern for organizations running the listed WebLogic versions.

EU & UK References

Vulnerability details

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CWE(s): none listed
KEV Date Added: 07 January 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: oracle
Product: weblogic server
Versions: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2, Flaw Remediation)

Directly requires timely application of patches to remediate known flaws, such as the April 2020 Critical Patch Update that fixes the CVE-2020-2883 deserialization RCE.

prevent (SC-7, Boundary Protection)

Enforces boundary protection and network filtering to block unauthenticated IIOP/T3 traffic from reaching exposed WebLogic instances.

prevent

Limits enabled protocols and services so that unnecessary T3/IIOP listeners can be disabled, shrinking the attack surface for this unauthenticated RCE.

References