Lucene search

K
attackerkbAttackerKBAKB:A4BDBFB9-4493-4EF5-8C05-276721F6549F
HistoryJan 15, 2020 - 12:00 a.m.

CVE-2020-2555

2020-01-1500:00:00
attackerkb.com
155

EPSS

0.975

Percentile

100.0%

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Recent assessments:

ccondon-r7 at January 29, 2021 5:47pm UTC reported:

Since this got a little more attention later in 2020, it’s probably good to note here that there are a number of different implementations of Oracle Coherence, and the likeliest attack vector that we’ve seen is WebLogic Server. WebLogic had a number of vulnerabilities that were exploited in the wild (some widely, e.g., CVE-2020-14882 and CVE-2020-14750) in 2020. Definitely a good idea to keep tight WebLogic patch cycles whenever possible.

space-r7 at May 15, 2020 7:02pm UTC reported:

Since this got a little more attention later in 2020, it’s probably good to note here that there are a number of different implementations of Oracle Coherence, and the likeliest attack vector that we’ve seen is WebLogic Server. WebLogic had a number of vulnerabilities that were exploited in the wild (some widely, e.g., CVE-2020-14882 and CVE-2020-14750) in 2020. Definitely a good idea to keep tight WebLogic patch cycles whenever possible.

gwillcox-r7 at October 20, 2020 6:53pm UTC reported:

Since this got a little more attention later in 2020, it’s probably good to note here that there are a number of different implementations of Oracle Coherence, and the likeliest attack vector that we’ve seen is WebLogic Server. WebLogic had a number of vulnerabilities that were exploited in the wild (some widely, e.g., CVE-2020-14882 and CVE-2020-14750) in 2020. Definitely a good idea to keep tight WebLogic patch cycles whenever possible.

Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 3