CVE-2020-2555


CVSS 9.8 CRITICAL · EPSS 97.1% · KEV · CWE-502
In short

Oracle Coherence contains a critical flaw allowing attackers to remotely take over the system without any authentication. An attacker can send specially crafted data through the network to execute malicious code and gain complete control.

Technical detail

Unsafe deserialization (CWE-502) in the Oracle Coherence Caching, CacheStore and Invocation components, reachable over the T3 protocol. Coherence ships bundled with Oracle WebLogic Server, and T3 is WebLogic's proprietary RMI transport (served by default on the same listener as HTTP, port 7001), so any host with a reachable T3 listener is the attack surface. The attacker sends a T3 message carrying a serialized Java object graph built from Coherence classes; the server deserializes it before any authentication takes place, so no credentials or user interaction are required. Successful exploitation yields remote code execution as the WebLogic process and complete compromise of the host. Affected versions are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0; the fix shipped in Oracle's January 2020 Critical Patch Update. Note that a version banner alone does not tell you whether that CPU has been applied.

Summary generated and translated by AI from the official description.
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
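Because the flaw is reached through WebLogic's T3 listener, the first exposure question for a host is simply "does it speak T3, and which version?". The script below is an added example written for this page, not code from the original page or from Oracle: it sends the minimal T3 handshake, parses the server's `HELO:` reply, and compares the reported version with the affected list above. The mapping from a WebLogic version to the Coherence release bundled with it (12.x releases share the version string; WebLogic 10.3.6 ships Coherence 3.7.1) is an assumption stated in the code, as is the default port 7001. The sample replies are constructed, not captured from a real system, so the check runs offline; `probe()` only touches the network when you pass a host, and only against systems you are authorized to test.

```python
"""T3 banner check for assessing exposure to CVE-2020-2555 (added example).

Assumptions, labelled here and in the code: T3 listens on port 7001 by
default; a WebLogic T3 listener answers the handshake with
"HELO:<version>.<true|false>"; the Coherence release bundled with a given
WebLogic version carries the same 12.x version string, and WebLogic 10.3.6
bundles Coherence 3.7.1.
"""
import re
import socket
from typing import Optional

# Versions the advisory on this page lists as affected.
AFFECTED = {"3.7.1.0", "12.1.3.0.0", "12.2.1.3.0", "12.2.1.4.0"}

# Minimal T3 client handshake: "t3 <version>\nAS:<n>\nHL:<n>\nMS:<n>\n\n".
T3_HANDSHAKE = b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"

# Server reply starts "HELO:12.2.1.4.0.false"; the boolean marks a t3s (TLS) listener.
HELO_RE = re.compile(rb"^HELO:(?P<version>\d+(?:\.\d+)+)\.(?P<ssl>true|false)")


def parse_t3_helo(response: bytes) -> Optional[dict]:
    """Parse a T3 HELO reply; return None for anything else (HTTP error, garbage)."""
    m = HELO_RE.match(response)
    if not m:
        return None
    return {"version": m.group("version").decode(), "ssl": m.group("ssl") == b"true"}


def coherence_version_for(weblogic_version: str) -> Optional[str]:
    """Map a WebLogic version to its bundled Coherence release (assumption, see docstring)."""
    if weblogic_version.startswith("12."):
        return weblogic_version
    if weblogic_version.startswith("10.3.6"):
        return "3.7.1.0"
    return None  # Unknown pairing: report it rather than guess.


def assess(response: bytes) -> dict:
    """Turn one listener's reply into a verdict. Exposure here means 'version is in the
    advisory list'; the banner cannot show whether the January 2020 CPU was applied."""
    helo = parse_t3_helo(response)
    if helo is None:
        return {"t3": False, "exposed": False, "reason": "no T3 HELO in reply"}
    coh = coherence_version_for(helo["version"])
    exposed = coh in AFFECTED
    return {
        "t3": True,
        "weblogic": helo["version"],
        "coherence": coh,
        "ssl": helo["ssl"],
        "exposed": exposed,
        "reason": ("version in advisory list; confirm CPU patch level on the host"
                   if exposed else "version not in advisory list"),
    }


def probe(host: str, port: int = 7001, timeout: float = 5.0) -> dict:
    """Send the handshake to a live listener. Authorized targets only."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(T3_HANDSHAKE)
        data = s.recv(1024)
    return assess(data)


# Constructed sample replies (not captured from any real system).
SAMPLE_VULN = b"HELO:12.2.1.4.0.false\nAS:2048\nHL:19\nMS:10000000\n\n"
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n\r\n"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 7001
        print(probe(sys.argv[1], port))
    else:
        for reply in (SAMPLE_VULN, SAMPLE_HTTP):
            print(assess(reply))
```

Two caveats when using this. A listener that answers HELO with 12.2.1.4.0 is flagged even if the CPU has been applied, because patched and unpatched builds report the same version; confirm on the host (Oracle's OPatch inventory) before closing the finding. Conversely, a listener that does not answer T3 at all is out of scope for this CVE even if Coherence is installed, since the advisory's attack vector is T3, which is why the usual hardening besides patching is to deny t3/t3s from untrusted networks at the firewall or with a WebLogic connection filter.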
⚠ Public resources to assess the exposure of systems you control or are authorized to test. Test only with authorization.
