CVE-2020-2963: 
Oracle WebLogic Server vulnerability analysis and mitigation

CVE-2020-2963 is a vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware, specifically affecting the Web Services component. This easily exploitable vulnerability allows high privileged attackers with network access via IIOP or T3 protocols to compromise Oracle WebLogic Server (NVD). The vulnerability was discovered by Fangrun Li of Cloud Security Team at Qihoo 360 and Longofo of Knownsec 404 Team, and was addressed in Oracle's April 2020 Critical Patch Update (Oracle CPU).

The vulnerability exists in the Web Services component of Oracle WebLogic Server. It can be exploited through network access using either IIOP (Internet Inter-ORB Protocol) or T3 (Oracle's proprietary protocol) protocols. The vulnerability requires a high-privileged attacker to exploit (NVD).

A successful exploitation of this vulnerability could result in the complete compromise of Oracle WebLogic Server. Given the critical nature of WebLogic Server in enterprise environments, this could potentially lead to significant system and data compromise (NVD).

Oracle addressed this vulnerability in the April 2020 Critical Patch Update. Organizations using affected versions of Oracle WebLogic Server should apply the security patches as soon as possible (Oracle CPU).