Oracle Coherence
Monthly
Remote takeover of Oracle Coherence (Fusion Middleware component) is possible by unauthenticated network attackers reaching the HTTP interface, per Oracle's June 2026 Critical Patch Update. Affected versions span 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0, with a CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) indicating full compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the trivial attack complexity and unauthenticated network reach make this a top-priority patch for any exposed Coherence cluster.
Remote takeover of Oracle Coherence is possible by unauthenticated attackers with HTTP network access to affected Fusion Middleware deployments running versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, or 15.1.1.0.0. The flaw resides in the Centralized Third Party Jars component and carries a critical 9.8 CVSS score with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis, but the trivial attack profile and Oracle's CPU disclosure pattern make weaponization likely.
Remote takeover of Oracle Coherence (Fusion Middleware) via the Centralized Third Party Jars component allows an unauthenticated network attacker over HTTP to fully compromise affected deployments, with scope change permitting impact on additional connected products. Supported versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 carry a maximum CVSS 3.1 base score of 10.0 across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Remote takeover of Oracle Coherence is possible via HTTP by an unauthenticated network attacker, affecting Oracle Fusion Middleware versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. The flaw carries the maximum CVSS 3.1 base score of 10.0 with scope change, meaning successful exploitation can pivot impact into other products that rely on the Coherence cluster. No public exploit identified at time of analysis, but the trivial attack complexity and Oracle's critical scoring make this a top-priority patch item.
Unauthenticated remote compromise of Oracle Coherence 15.1.1.0.0 (Oracle Fusion Middleware, Centralized Third Party Jars component) allows network-based attackers to read all Coherence-accessible data and perform limited data modification over HTTP, with a scope change that can impact additional products in the same deployment. Oracle rates the issue CVSS 9.3 and describes it as easily exploitable; no public exploit identified at time of analysis and it is not currently on the CISA KEV list.
Unauthenticated remote compromise of Oracle Coherence 15.1.1.0.0 (Oracle Fusion Middleware) via HTTP allows attackers to read all accessible data and modify a subset, with a scope change that can impact adjacent products. CVSS 3.1 base score is 9.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N) and no public exploit is identified at time of analysis, though the low attack complexity and unauthenticated network reachability make this a high-priority Critical Patch Update item.
Remote unauthenticated takeover of Oracle Coherence (Oracle Fusion Middleware) is possible over HTTPS, affecting supported versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. The flaw carries a CVSS 3.1 base score of 9.8 with full confidentiality, integrity, and availability impact, and at the time of analysis no public exploit identified at time of analysis.
Remote takeover of Oracle Coherence (Fusion Middleware component) is possible by unauthenticated network attackers reaching the HTTP interface, per Oracle's June 2026 Critical Patch Update. Affected versions span 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0, with a CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) indicating full compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the trivial attack complexity and unauthenticated network reach make this a top-priority patch for any exposed Coherence cluster.
Remote takeover of Oracle Coherence is possible by unauthenticated attackers with HTTP network access to affected Fusion Middleware deployments running versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, or 15.1.1.0.0. The flaw resides in the Centralized Third Party Jars component and carries a critical 9.8 CVSS score with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis, but the trivial attack profile and Oracle's CPU disclosure pattern make weaponization likely.
Remote takeover of Oracle Coherence (Fusion Middleware) via the Centralized Third Party Jars component allows an unauthenticated network attacker over HTTP to fully compromise affected deployments, with scope change permitting impact on additional connected products. Supported versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 carry a maximum CVSS 3.1 base score of 10.0 across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Remote takeover of Oracle Coherence is possible via HTTP by an unauthenticated network attacker, affecting Oracle Fusion Middleware versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. The flaw carries the maximum CVSS 3.1 base score of 10.0 with scope change, meaning successful exploitation can pivot impact into other products that rely on the Coherence cluster. No public exploit identified at time of analysis, but the trivial attack complexity and Oracle's critical scoring make this a top-priority patch item.
Unauthenticated remote compromise of Oracle Coherence 15.1.1.0.0 (Oracle Fusion Middleware, Centralized Third Party Jars component) allows network-based attackers to read all Coherence-accessible data and perform limited data modification over HTTP, with a scope change that can impact additional products in the same deployment. Oracle rates the issue CVSS 9.3 and describes it as easily exploitable; no public exploit identified at time of analysis and it is not currently on the CISA KEV list.
Unauthenticated remote compromise of Oracle Coherence 15.1.1.0.0 (Oracle Fusion Middleware) via HTTP allows attackers to read all accessible data and modify a subset, with a scope change that can impact adjacent products. CVSS 3.1 base score is 9.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N) and no public exploit is identified at time of analysis, though the low attack complexity and unauthenticated network reachability make this a high-priority Critical Patch Update item.
Remote unauthenticated takeover of Oracle Coherence (Oracle Fusion Middleware) is possible over HTTPS, affecting supported versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. The flaw carries a CVSS 3.1 base score of 9.8 with full confidentiality, integrity, and availability impact, and at the time of analysis no public exploit identified at time of analysis.