CVE-2021-2302

Author: quynhle

Gadget chain

javax.management.BadAttributeValueExpException.readObject()
  oracle.security.jps.az.internal.common.principals.toString()
    oracle.security.jps.az.internal.common.principals.getResolvedPrincipal()
         . . . con.newInstance() . . .
      com.tangosol.coherence.mvel2.sh.ShellSession()
      com.tangosol.coherence.mvel2.sh.ShellSession.exec()
              . . . MVEL expression . . .
  --->   RCE

Lab Environment

Orace Weblogic Server: 12.1.2.3
Oracle Business Intelligence: 12.1.2.4
Oracle Database 19c

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
lib		lib
src		src
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lib

lib

src

src

README.md

README.md

Repository files navigation

CVE-2021-2302

Lab Environment

PoC

About

Releases

Packages

Languages

quynhle7821/CVE-2021-2302

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-2302

Lab Environment

PoC

About

Resources

Stars

Watchers

Forks

Languages