Denial of Service Vulnerability in Oracle Coherence Product by Oracle
CVE-2020-14642

7.5HIGH

Key Information:

Vendor: Oracle
Status: Coherence
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability in the Oracle Coherence product within Oracle Fusion Middleware allows unauthenticated attackers with network access via HTTP to exploit the affected software. Successful exploitation can lead to a denial of service, causing the affected system to hang or crash frequently. Users of the specified versions should take immediate action to mitigate potential risks.

Affected Version(s)

Coherence 3.7.1.0

Coherence 12.1.3.0.0

Coherence 12.2.1.3.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020