Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-2883)


Oracle’s April 2020 Critical Patch Update addresses CVE-2020-2883, a critical flaw in Oracle WebLogic Server that can be exploited by an unauthenticated attacker for remote code execution. It has drawn major attention because its CVSSv3 score is 9.8/10.


WebLogic is a Java-based middleware solution, with thousands of servers reachable online. It sits between a front-facing application and a database system. Eric Maurice, director of security assurance at Oracle, said the company had received “reports of attempts to maliciously exploit a number of recently-patched vulnerabilities.”

The flaw is triggered by crafted data in a T3 protocol message that causes the server to deserialize untrusted data. An attacker who can reach the T3 listener of an unpatched server can take control of it: WebLogic receives the message and deserializes it, and the deserialization runs attacker-controlled code inside the WebLogic server process.
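Because the attack surface is the T3 listener, the first practical check is which hosts answer the T3 handshake and what server version they announce. The script below is an added example, not code from the original post or from Oracle; it assumes the standard T3 handshake (client sends "t3 <version>\nAS:255\nHL:19\nMS:10000000\n\n", a T3-enabled server answers "HELO:<server version>.<true|false>\nAS:...\nHL:...\nMS:...\n\n"). The target host, port 7001 and the sample reply are assumptions for illustration.

```python
# Added example (not from the original post): probe a host for an exposed
# WebLogic T3 listener and report the version it announces, so assets can be
# compared against Oracle's advisory for CVE-2020-2883. Assumes the standard
# T3 handshake: client sends "t3 <ver>\nAS:255\nHL:19\nMS:10000000\n\n" and a
# T3-enabled server answers "HELO:<version>.<flag>\nAS:...\nHL:...\nMS:...\n\n".
import socket
from typing import Dict, Optional, Tuple

# Client side of the T3 handshake. The version here is what the client claims
# to speak; the server replies with its own version in the HELO line.
T3_PROBE = b"t3 12.2.3\nAS:255\nHL:19\nMS:10000000\n\n"


def parse_t3_helo(reply: bytes) -> Optional[Dict[str, object]]:
    """Parse a T3 HELO reply.

    Returns the announced server version, the trailing boolean flag (kept
    verbatim; its meaning is not relied on here) and the remaining key:value
    parameters, or None if the reply is not a T3 HELO (T3 disabled, filtered,
    or a non-WebLogic service on the port).
    """
    text = reply.decode("ascii", errors="replace")
    lines = [ln for ln in text.split("\n") if ln]
    if not lines or not lines[0].startswith("HELO:"):
        return None
    banner = lines[0][len("HELO:"):]           # e.g. "12.2.1.3.0.false"
    version, sep, flag = banner.rpartition(".")
    if not sep or flag not in ("true", "false"):
        return None
    params: Dict[str, str] = {}
    for ln in lines[1:]:
        key, colon, value = ln.partition(":")
        if colon:
            params[key] = value
    return {"version": version, "flag": flag == "true", "params": params}


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '12.2.1.3.0' into (12, 2, 1, 3, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def probe_t3(host: str, port: int = 7001, timeout: float = 5.0) -> Optional[Dict[str, object]]:
    """Send the T3 handshake to host:port and parse the answer (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        sock.sendall(T3_PROBE)
        reply = b""
        try:
            # The HELO block ends with a blank line; stop there or on a size cap.
            while b"\n\n" not in reply and len(reply) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                reply += chunk
        except socket.timeout:
            pass
    return parse_t3_helo(reply)


# Constructed sample reply of the kind a T3-enabled listener returns (assumption).
SAMPLE_HELO = b"HELO:12.2.1.3.0.false\nAS:2048\nHL:19\nMS:10000000\n\n"

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    info = probe_t3(target) if target else parse_t3_helo(SAMPLE_HELO)
    if info is None:
        print("no T3 HELO received: T3 disabled, filtered, or not WebLogic")
    else:
        print(f"T3 exposed, announced server version {info['version']}")
```

Run it as `python3 t3probe.py <host>` against a host you are authorized to test; a HELO answer means the T3 listener is reachable from the scanning position, which is the precondition for this flaw. Compare the announced version with the affected versions in Oracle's advisory rather than hard-coding a list. Beyond patching, Oracle's standard mitigation for T3 deserialization flaws is to restrict the t3 and t3s protocols with a WebLogic connection filter so that only trusted sources can reach the listener.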

A proof of concept for CVE-2020-2883 can be found here.

Affected Products:

Oracle WebLogic Server –,, and



Oracle has released a patch for CVE-2020-2883 as part of the April 2020 Critical Patch Update; apply it to all affected WebLogic installations.

Qualys customers can scan their network with QIDs 87416 and 372510 to detect vulnerable assets. Continue to follow Qualys Threat Protection for more coverage of vulnerabilities.
