CVE-2020-2915

CRITICAL

Oracle Coherence <12.2.1.4 - RCE

Title source: llm

Description

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (1)

gitlab

by java-exploit · poc

https://gitlab.com/penetration-test-learn/10vuln/java-exploit/CVE_2020_2546

View on gitlab

References (1)

[Vendor Advisory] https://www.oracle.com/security-alerts/cpuapr2020.html

Scores

CVSS v3 9.8

EPSS 0.0319

EPSS Percentile 87.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (4)

oracle/coherence 3.7.1.0

oracle/coherence 12.1.3.0.0

oracle/coherence 12.2.1.3.0

oracle/coherence 12.2.1.4.0

Published Apr 15, 2020

Tracked Since Feb 18, 2026