Security readout for executives and security teams
Plain-English summary
This is a critical Oracle WebLogic Server flaw that can let an unauthenticated network attacker take over affected servers. Because CISA lists it in KEV, exploitation is known to have occurred. Systems running the named WebLogic versions should be treated as urgent remediation targets.
Executive priority
Treat this as an immediate patch and exposure-reduction issue for any affected WebLogic system. The business risk is full server takeover, and known exploitation raises urgency beyond routine vulnerability management.
Technical view
CVE-2020-14644 affects Oracle WebLogic Server Core versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. Oracle rates it CVSS 9.8: network-accessible, low complexity, no privileges, no user interaction, with high confidentiality, integrity, and availability impact via IIOP or T3.
Likely exposure
Exposure is likely where affected WebLogic Server instances are reachable over networks that permit IIOP or T3 access, especially from untrusted networks. Internal-only systems can still be at risk if attackers gain network foothold.
Exploitation context
Active exploitation is supported by the CISA Known Exploited Vulnerabilities listing. The provided sources do not include exploit mechanics, public exploit details, or indicators of compromise, so validation should focus on inventory, patch state, exposure, and vendor guidance.
Researcher notes
The source bundle confirms affected versions, attack vector, CVSS, impact, and KEV status. It does not provide CWE mapping, root-cause detail, exploit prerequisites beyond network access via IIOP or T3, or product-specific detection logic.
Mitigation direction
- Apply Oracle's July 2020 Critical Patch Update or later applicable WebLogic fixes.
- Prioritize affected WebLogic systems reachable via IIOP or T3.
- Restrict untrusted network access to WebLogic services while remediation is underway.
- Confirm unsupported or unpatched WebLogic versions are upgraded to supported, fixed releases.
- Review Oracle and CISA guidance for any environment-specific remediation requirements.
Validation and detection
- Inventory WebLogic Server versions across production, staging, and disaster recovery environments.
- Identify servers running 12.2.1.3.0, 12.2.1.4.0, or 14.1.1.0.0.
- Confirm whether IIOP or T3 is reachable from untrusted networks.
- Verify Oracle CPU patch levels on every affected WebLogic instance.
- Review security monitoring for suspicious WebLogic access around exposed services.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2020-14644 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Critical
- CVSS
- 9.8 (3.1)
- Known Exploited
- Yes
- Published
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CISA KEV status
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H3.95.9Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
9.8CriticalVector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source materials
- CVE List V5 sourceCVE List V5
- https://www.oracle.com/security-alerts/cpujul2020.htmlCVE reference · x_refsource_MISC
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14644CVE reference · government-resource
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
