Unauthenticated Network Vulnerability in Oracle Coherence
CVE-2022-21420

9.8CRITICAL

Key Information:

Vendor: Oracle
Status: Coherence
Vendor: CVE Published:; 19 April 2022

Summary

A vulnerability exists in the Oracle Coherence component of Oracle Fusion Middleware that allows an unauthenticated attacker to gain access via the T3 protocol. This security flaw permits unauthorized control over the affected systems, potentially leading to a full compromise of Oracle Coherence instances. The vulnerability affects specific versions, making it essential for users to review their current deployments and apply necessary security patches to mitigate the associated risks.

Affected Version(s)

Coherence 12.2.1.3.0

Coherence 12.2.1.4.0

Coherence 14.1.1.0.0

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021