admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update GobyVuls-Document.md

Browse Source
This commit is contained in:
Goby 2024-02-22 14:19:58 +08:00 committed by GitHub
parent 6c3ccd1e78
commit 2e1b680bd9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
GobyVuls-Document.md
View File

@ -1,7 +1,20 @@
# Goby History Update Vulnerability Total Document (Continuously Update)
The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
**Updated document date: February 6, 2024**
**Updated document date: February 22, 2024**
## Weblogic ForeignOpaqueReference remote code execution vulnerability (CVE-2024-20931)
| **Vulnerability** | Weblogic ForeignOpaqueReference remote code execution vulnerability (CVE-2024-20931) |
| :----: | :-----|
| **Chinese name** | Weblogic ForeignOpaqueReference 远程代码执行漏洞CVE-2024-20931 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [app="Weblogic_interface_7001"](https://en.fofa.info/result?qbase64=KGJvZHk9IldlbGNvbWUgdG8gV2ViTG9naWMgU2VydmVyIil8fCh0aXRsZT09IkVycm9yIDQwNC0tTm90IEZvdW5kIikgfHwgKCgoYm9keT0iPGgxPkJFQSBXZWJMb2dpYyBTZXJ2ZXIiIHx8IHNlcnZlcj0iV2VibG9naWMiIHx8IGJvZHk9ImNvbnRlbnQ9XCJXZWJMb2dpYyBTZXJ2ZXIiIHx8IGJvZHk9IjxoMT5XZWxjb21lIHRvIFdlYmxvZ2ljIEFwcGxpY2F0aW9uIiB8fCBib2R5PSI8aDE%2BQkVBIFdlYkxvZ2ljIFNlcnZlciIpICYmIGhlYWRlciE9ImNvdWNoZGIiICYmIGhlYWRlciE9ImJvYSIgJiYgaGVhZGVyIT0iUm91dGVyT1MiICYmIGhlYWRlciE9IlgtR2VuZXJhdG9yOiBEcnVwYWwiKSB8fCAoYmFubmVyPSJXZWJsb2dpYyIgJiYgYmFubmVyIT0iY291Y2hkYiIgJiYgYmFubmVyIT0iZHJ1cGFsIiAmJiBiYW5uZXIhPSIgQXBhY2hlLFRvbWNhdCxKYm9zcyIgJiYgYmFubmVyIT0iUmVlQ2FtIElQIENhbWVyYSIgJiYgYmFubmVyIT0iPGgyPkJsb2cgQ29tbWVudHM8L2gyPiIpKSB8fCAocG9ydD0iNzAwMSIgJiYgcHJvdG9jb2w9PSJ3ZWJsb2dpYyIp)|
| **Number of assets affected** | 194125 |
| **Description** | WebLogic Server is one of the application server components suitable for both cloud and traditional environments.WebLogic has a remote code execution vulnerability that allows an unauthenticated attacker to access and destroy a vulnerable WebLogic Server through the IIOP protocol network. Successful exploitation of the vulnerability can cause WebLogic Server to be taken over by an attacker, resulting in remote code execution. |
| **Impact** | There is a remote code execution vulnerability in WebLogic, which allows an unauthenticated attacker to access and damage the vulnerable WebLogic Server through the IIOP protocol network. Successful exploitation of the vulnerability can lead to WebLogic Server being taken over by the attacker, resulting in remote code execution. |
![](https://s3.bmp.ovh/imgs/2024/02/22/1919f42ca2a57a19.gif).
## Ivanti Connect Secure and Policy Secure saml20.ws server-side request forgery vulnerability (CVE-2024-21893)