Ebook

Not Another WebLogic Exploitation: The Road to Post Exploitation

32 Pages

Pentera Labs demonstrates chaining CVE-2020-14883 and CVE-2020-14882 to achieve unauthenticated remote code execution against Oracle WebLogic, then using that access to read configuration files (config.xml, boot.properties, SerializedSystemIni.dat), decrypt administrator credentials offline or via WLST, and log into the management API. From there, attackers can enumerate JDBC resources to harvest database credentials and modify existing WARs to deploy stealthy webshells, creating persistent backdoors. The report concludes with mitigations: patching, credential hygiene, network segmentation, monitoring, and least-privilege controls.
