CVE-2020-14756

CRITICAL EXPLOITED

Oracle Coherence <14.1.1.0.0 - RCE

Title source: llm

Description

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (2)

nomisec WORKING POC 80 stars

by Y4er · remote

https://github.com/Y4er/CVE-2020-14756

View Code ZIP pw:eip

nomisec SCANNER 12 stars

by somatrasss · poc

https://github.com/somatrasss/weblogic2021

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] https://www.oracle.com/security-alerts/cpujan2021.html

[Patch, Vendor Advisory] https://www.oracle.com/security-alerts/cpujan2022.html

Scores

CVSS v3 9.8

EPSS 0.8720

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-11-20

Status published

Products (11)

oracle/coherence 3.7.1.0

oracle/coherence 12.1.3.0.0

oracle/coherence 12.2.1.3.0

oracle/coherence 12.2.1.4.0

oracle/coherence 14.1.1.0.0

oracle/utilities_framework 4.2.0.2.0

oracle/utilities_framework 4.2.0.3.0

oracle/utilities_framework 4.4.0.0.0

oracle/utilities_framework 4.4.0.2.0

oracle/utilities_framework 4.4.0.3.0

... and 1 more

Published Jan 20, 2021

Tracked Since Feb 18, 2026