
CVE-2024-20931

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Oracle
Severity: HIGH
CVE ID: CVE-2024-20931
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference: NVD, MITRE

Proof Of Concept

GlassyAmadeus

The PoC for CVE-2024-20931

Reference: GitHub

Leocodefocus

Reference: GitHub

ATonysan

Reference: GitHub

dinosn

CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839

Reference: GitHub

Content on GitHub

gobysec | watchers:677

GobyVuls
Vulnerabilities of Goby supported with exploitation.

Reference: GitHub

gobysec | watchers:1334

Goby
Attack surface mapping

Reference: GitHub