Unauthenticated Network Access Vulnerability in Oracle Coherence by Oracle
CVE-2021-2428

8.1HIGH

Key Information:

Vendor: Oracle
Status: Coherence
Vendor: CVE Published:; 20 July 2021

Summary

A vulnerability has been identified in Oracle Coherence, part of Oracle Fusion Middleware. This weakness allows an unauthenticated attacker with network access through T3 or IIOP to exploit the system. If successfully exploited, the attacker could take control of Oracle Coherence, potentially leading to significant compromises in confidentiality, integrity, and availability.

Affected Version(s)

Coherence 12.1.3.0.0

Coherence 12.2.1.3.0

Coherence 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020