Arbitrary Code Execution in Oracle Coherence Product by Oracle
CVE-2020-2915

9.8CRITICAL

Key Information:

Vendor: Oracle
Status: Coherence
Vendor: CVE Published:; 15 April 2020

Summary

A vulnerability exists in Oracle Coherence within Oracle Fusion Middleware, specifically in the caching component. This vulnerability allows unauthenticated attackers with network access via IIOP or T3 protocol to exploit the system. Successful exploitation can lead to a complete takeover of Oracle Coherence, compromising confidentiality, integrity, and availability of the system. It is critical for organizations to patch supported versions to mitigate associated risks.

Affected Version(s)

Coherence 3.7.1.0

Coherence 12.1.3.0.0

Coherence 12.2.1.3.0

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019