← Back

CVE-2020-14756

nvd nist
Published: Jan 20, 2021Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected (11)

Oracle
2 products
Coherence
Utilities Framework
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Coherence
Version 12.1.3.0.0
Coherence
Version 12.2.1.3.0
Coherence
Version 12.2.1.4.0
Coherence
Version 14.1.1.0.0
Coherence
Version 3.7.1.0
Oracle
Utilities Framework
From 4.3.0.1.0 to 4.3.0.6.0
Utilities Framework
Version 4.2.0.2.0
Utilities Framework
Version 4.2.0.3.0
Utilities Framework
Version 4.4.0.0.0
Utilities Framework
Version 4.4.0.2.0
Utilities Framework
Version 4.4.0.3.0

References (4)

Source: secalert_us@oracle.com
PatchVendor Advisory
Source: secalert_us@oracle.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.