9.8
CVE-2020-2555
- EPSS 93.16%
- Published 15.01.2020 17:15:17
- Last modified 14.02.2025 16:47:18
- Source secalert_us@oracle.com
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Data is provided by the National Vulnerability Database (NVD)
Oracle ≫ Access Manager Version 11.1.2.3.0
Oracle ≫ Commerce Platform Version >= 11.3.0 <= 11.3.2
Oracle ≫ Commerce Platform Version 11.0.0
Oracle ≫ Commerce Platform Version 11.1.0
Oracle ≫ Commerce Platform Version 11.2.0
Oracle ≫ Communications Diameter Signaling Router Version >= 8.0.0 <= 8.2.2
Oracle ≫ Healthcare Data Repository Version 7.0.1
Oracle ≫ Rapid Planning Version 12.1
Oracle ≫ Rapid Planning Version 12.2
Oracle ≫ Retail Assortment Planning Version 15.0
Oracle ≫ Retail Assortment Planning Version 16.0
Oracle ≫ Utilities Framework Version >= 4.3.0.1.0 <= 4.3.0.6.0
Oracle ≫ Utilities Framework Version 4.2.0.2.0
Oracle ≫ Utilities Framework Version 4.2.0.3.0
Oracle ≫ Utilities Framework Version 4.4.0.0.0
Oracle ≫ Utilities Framework Version 4.4.0.2.0
Oracle ≫ Webcenter Portal Version 12.2.1.3.0
Oracle ≫ Webcenter Portal Version 12.2.1.4.0
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Oracle Multiple Products Remote Code Execution Vulnerability
Description: Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR).
Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 93.16% | 0.998 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
secalert_us@oracle.com | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.