Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Description confirms unauthenticated network HTTP exploitation (AV:N/AC:L/PR:N/UI:N), scope change into adjacent products (S:C), full read of accessible data (C:H), partial write (I:L), and no availability impact (A:N).
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). The supported version that is affected is 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. While the vulnerability is in Oracle Coherence, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Coherence accessible data as well as unauthorized update, insert or delete access to some of Oracle Coherence accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N).
AnalysisAI
Unauthenticated remote compromise of Oracle Coherence 15.1.1.0.0 (Oracle Fusion Middleware) via HTTP allows attackers to read all accessible data and modify a subset, with a scope change that can impact adjacent products. CVSS 3.1 base score is 9.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N) and no public exploit is identified at time of analysis, though the low attack complexity and unauthenticated network reachability make this a high-priority Critical Patch Update item.
Technical ContextAI
Oracle Coherence is an in-memory data grid used as a distributed caching and computation layer within Oracle Fusion Middleware deployments, frequently fronted by WebLogic and exposed via HTTP-based management and proxy services. The flaw lives in the 'Centralized Third Party Jars' component, indicating a defect in a bundled third-party library reachable through Coherence's HTTP interface; the scope-change flag (S:C) implies the vulnerable Coherence process can act on resources beyond its own security authority, typically meaning the surrounding JVM/container or co-located Fusion Middleware components are reachable from a successful exploit. No CWE has been assigned by Oracle, but the 'Authentication Bypass' tag combined with PR:N/UI:N and the third-party-jar component points to a pre-authentication parsing or routing flaw in a shared library rather than a Coherence-native protocol bug.
RemediationAI
Apply the patch shipped in Oracle's June 2026 Critical Patch Update (https://www.oracle.com/security-alerts/cspujun2026.html) for Oracle Coherence 15.1.1.0.0 - patch availability is confirmed via the Oracle CPU advisory, though no standalone fix version string is published outside of the CPU bundle, so install the CPU as the primary remediation. Until patched, restrict network reachability of Coherence HTTP/proxy listeners (default 7574 cluster, plus any Coherence*Extend or HTTP management endpoints) to trusted management subnets via firewall or service-mesh policy, and ensure the Coherence process is not exposed to the public internet or untrusted tenants; this will block remote unauthenticated reach but may disrupt cross-datacenter clients and remote Extend consumers, so test against application topology first. If a third-party JAR can be identified from the Oracle README once available, consider replacing or removing the vulnerable library as a secondary control, accepting that Oracle may not support a Coherence installation with modified bundled dependencies.
More in Oracle Coherence
View allRemote takeover of Oracle Coherence (Fusion Middleware) via the Centralized Third Party Jars component allows an unauthe
Remote takeover of Oracle Coherence is possible via HTTP by an unauthenticated network attacker, affecting Oracle Fusion
Remote takeover of Oracle Coherence (Fusion Middleware component) is possible by unauthenticated network attackers reach
Remote takeover of Oracle Coherence is possible by unauthenticated attackers with HTTP network access to affected Fusion
Remote unauthenticated takeover of Oracle Coherence (Oracle Fusion Middleware) is possible over HTTPS, affecting support
Unauthenticated remote compromise of Oracle Coherence 15.1.1.0.0 (Oracle Fusion Middleware, Centralized Third Party Jars
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37431