Update CVE-2020-14644.yaml

Roberto Nunes
2025-11-06 07:43:14 +09:00
committed by GitHub
parent 59db62720a
commit 69797379bc


@@ -5,12 +5,15 @@ info:
author: hnd3884
severity: critical
description: |
Oracle WebLogic Server (Core component) contains an insecure deserialization vulnerability that allows an unauthenticated remote attacker with network access via the T3 and IIOP protocols to achieve remote code execution (RCE) on affected servers. Affected product versions include 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Oracle published fixes in its July 2020 Critical Patch Update; multiple public proof-of-concept implementations exist and the vulnerability has been observed exploited in the wild.
Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 contain a remote code execution caused by unauthenticated network access via IIOP and T3, letting attackers take over the server, exploit requires network access.
impact: |
Attackers can fully compromise the server, leading to data breach, service disruption, and potential control over the system.
remediation: |
Apply the latest security patches provided by Oracle for affected versions.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-14644
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.tenable.com/cve/CVE-2020-14644
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://github.com/0xkami/cve-2020-14644
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
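
Review bot: The shorter of the two description lines ("... contain a remote code execution caused by unauthenticated network access via IIOP and T3 ...") names network access as the cause, while the longer line gives the root cause as insecure deserialization over T3 and IIOP. The +/- markers are not visible on this page, but if the shorter line is the replacement, the description loses the root cause, the July 2020 Critical Patch Update fix and the note on in-the-wild exploitation. Suggest keeping "insecure deserialization" in the description and fixing the comma splice at its end ("..., exploit requires network access"). The remediation text could also name the July 2020 Critical Patch Update already linked under reference instead of "the latest security patches".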