CVE-2020-2798: 
Oracle WebLogic Server vulnerability analysis and mitigation

CVE-2020-2798 is a vulnerability in Oracle WebLogic Server that allows high-privileged attackers with network access via IIOP or T3 protocols to compromise the server. The vulnerability was discovered and reported by multiple security researchers including Fangrun Li of Cloud Security Team at Qihoo 360, Longofo of Knownsec 404 Team, and RunOu of Bangcle Security. It was patched as part of Oracle's April 2020 Critical Patch Update (Oracle CPU).

The vulnerability affects Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0. It is an insecure deserialization vulnerability that can be exploited through the IIOP or T3 protocols. The vulnerability has been assigned a CVSS v3.0 base score indicating high severity (NVD).

A successful exploitation of this vulnerability could allow attackers to compromise Oracle WebLogic Server, potentially leading to unauthorized access and control of the affected system (Fortiguard).

Oracle has released security patches for the affected versions as part of the April 2020 Critical Patch Update. Organizations are strongly recommended to apply these security patches as soon as possible to protect against potential exploitation (Oracle CPU).