Skip to main content

Coherence CVE-2020-14642

HIGH
Improper Resource Shutdown or Release (CWE-404)
2020-07-15 secalert_us@oracle.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 15, 2020 - 18:15 nvd
HIGH 7.5

DescriptionNVD

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

AnalysisAI

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-404. Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Affected products include: Oracle Coherence.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-2555 CRITICAL POC
9.8 Jan 15

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Ra

CVE-2022-21420 CRITICAL
9.8 Apr 19

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated critical severity (CV

CVE-2020-2915 CRITICAL
9.8 Apr 15

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation).

CVE-2021-2428 HIGH
8.1 Jul 21

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 8

CVE-2021-37136 HIGH
7.5 Oct 19

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which

CVE-2021-2371 HIGH
7.5 Jul 21

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7

CVE-2021-2344 HIGH
7.5 Jul 21

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7

CVE-2021-2277 HIGH
7.5 Apr 22

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7

CVE-2020-25649 HIGH
7.5 Dec 03

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high seve

CVE-2021-43797 MEDIUM
6.5 Dec 09

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performan

CVE-2018-20301 MEDIUM
6.5 Dec 20

An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. Rated

CVE-2021-21409 MEDIUM
5.9 Mar 30

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable h

Share

CVE-2020-14642 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy