CVE-2020-2555: Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

KEVITWEXPLOIT

CISA Known Exploited Vulnerabilitydue 2022-05-03

Exploited in the wild

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected

29 ranges· showing 25

Vendor	Product	Version range	Fixed in
oracle	access_manager	—	—
oracle	coherence	—	—
oracle	coherence	—	—
oracle	coherence	—	—
oracle	coherence	—	—
oracle	commerce_platform	—	—
oracle	commerce_platform	—	—
oracle	commerce_platform	—	—
oracle	commerce_platform	11.3.0 – 11.3.2	—
oracle	communications_diameter_signaling_router	8.0.0 – 8.2.2	—
oracle	healthcare_data_repository	—	—
oracle	rapid_planning	—	—
oracle	rapid_planning	—	—
oracle	retail_assortment_planning	—	—
oracle	retail_assortment_planning	—	—
oracle	utilities_framework	—	—
oracle	utilities_framework	—	—
oracle	utilities_framework	—	—
oracle	utilities_framework	—	—
oracle	utilities_framework	4.3.0.1.0 – 4.3.0.6.0	—
oracle	webcenter_portal	—	—
oracle	webcenter_portal	—	—
oracle_corporation	utilities_framework	—	—
oracle_corporation	utilities_framework	—	—
oracle_corporation	utilities_framework	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vulncheck9.8CRITICAL

cisa9.8CRITICAL