Oracle Weblogic Insecure Deserialization with IIOP(CVE-2020-2551)

Overview On January 14, 2020, Oracle disclosed the critical vulnerability CVE-2020-2551 . Vulnerability has been discovered in the Oracle WebLogic Server, component of Oracle Fusion Middleware using IIOP protocol.  Flaw existed the way WebLogic Server handled IIOP deserialization. It led to remote code execution using IIOP protocol via Malicious JNDI Lookup.  Before looking into vulnerability, … Continue reading “Oracle Weblogic Insecure Deserialization with IIOP(CVE-2020-2551)”