CVE-2020-2915

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Published: Apr 15, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-2915
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / coherence	12.2.1.3.0	12.2.1.3.0.x
oracle / coherence	12.1.3.0.0	12.1.3.0.0.x
oracle / coherence	3.7.1.0	3.7.1.0.x
oracle / coherence	12.2.1.4.0	12.2.1.4.0.x

https://www.oracle.com/security-alerts/cpuapr2020.html

Vulnerability Database

289,599

CVE-2020-2915