Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOracle Access Manager
APPOracle11.1.2.3.0Oracle Coherence
APPOracle12.1.3.0.012.2.1.3.012.2.1.4.03.7.1.0Oracle Commerce Platform
APPOracle11.0.011.1.011.2.011.3.0 – 11.3.2Oracle Communications Diameter Signaling Router
APPOracle8.0.0 – 8.2.2Oracle Healthcare Data Repository
APPOracle7.0.1Oracle Rapid Planning
APPOracle12.112.2Oracle Retail Assortment Planning
APPOracle15.016.0Oracle Utilities Framework
APPOracle4.2.0.2.04.2.0.3.04.4.0.0.04.4.0.2.04.3.0.1.0 – 4.3.0.6.0Oracle Webcenter Portal
APPOracle12.2.1.3.012.2.1.4.0
CISA KEV — szczegółyi
- Dostawcai
- Oracle ↗
- Produkti
- Multiple Products
- Data dodania do KEVi
- 3 listopada 2021
- Termin remediation (USA)i
- 3 maja 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Wiele produktów Oracle zawiera lukę umożliwiającą zdalne wykonanie kodu, która pozwala nieuwierytelniowemu atakującemu z dostępem sieciowym poprzez T3 lub HTTP przejąć kontrolę nad systemem. Dotknięte produkty Oracle: Oracle Coherence w Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR).
▸ Pokaż oryginał (EN)
Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR).
Powiązane podatności
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Sup...
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbit...
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versio...
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versio...