CVE-2020-2551: WebLogic WLS Component IIOP Protocol Risk Alert

On January 15, 2020, we observed that Oracle officially released the CVE-2020-2551 vulnerability notice, rating the vulnerability as high severity. We assess the vulnerability as high risk with a large impact. Users of WebLogic are advised to turn off or disable the T3 protocol to avoid malicious attacks.

Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. Oracle acquired WebLogic Server when it purchased BEA Systems in 2008. WebLogic is widely used in production environments by enterprise users.

The Internet Inter-ORB Protocol (IIOP) is a protocol that makes it possible for distributed programs written in different programming languages to communicate over the Internet. IIOP is a critical part of a strategic industry standard, the Common Object Request Broker Architecture (CORBA); it is the protocol used for communication between CORBA object request brokers (ORBs).

An attacker can exploit the flaw in the WebLogic IIOP protocol to execute remote commands; the impact is severe. Technical details have not yet been released.

Affected Versions

Oracle WebLogic Server

  • 10.3.6.0.0
  • 12.1.3.0.0
  • 12.2.1.3.0
  • 12.2.1.4.0
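To confirm that the mitigation recommended above actually took effect, and to compare a server's announced version against the affected list, the following added script (not part of the original advisory) sends the standard T3 hello and parses the reply. It assumes the well-known T3 handshake used by fingerprinting tools such as nmap's weblogic-t3-info script, the default listen port 7001, and that a filtered or disabled T3 listener either closes the connection or does not answer with a HELO line.

```python
import re
import socket
from typing import Optional

# Affected versions, taken from the advisory above.
AFFECTED = {"10.3.6.0.0", "12.1.3.0.0", "12.2.1.3.0", "12.2.1.4.0"}

# T3 hello as sent by common fingerprinting tools (assumption: format as in
# nmap's weblogic-t3-info); an enabled T3 listener answers "HELO:<version>...".
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"
HELO_RE = re.compile(rb"^HELO:(\d+(?:\.\d+)+)", re.M)


def parse_t3_response(data: bytes) -> Optional[str]:
    """Return the WebLogic version announced in a T3 HELO reply, or None if
    the reply is not a T3 handshake (listener filtered, disabled, or not T3)."""
    m = HELO_RE.search(data)
    return m.group(1).decode() if m else None


def assess_version(version: Optional[str]) -> dict:
    """Summarise what a parsed HELO version means for this advisory."""
    return {
        "t3_enabled": version is not None,
        "version": version,
        "affected": version in AFFECTED,
    }


def probe_t3(host: str, port: int = 7001, timeout: float = 5.0) -> dict:
    """Send the T3 hello to host:port and report whether T3 is still accepted.
    A refused/reset connection or empty reply means the listener is blocked."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(T3_HELLO)
            data = s.recv(1024)
    except OSError as exc:  # refused, reset by a connection filter, or timeout
        return {"host": host, "port": port, "error": str(exc), **assess_version(None)}
    return {"host": host, "port": port, "error": None, **assess_version(parse_t3_response(data))}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe_t3(target))
```

Run it against your own server after applying the mitigation; `t3_enabled: False` confirms the T3 listener is no longer reachable from that vantage point.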