PT-2020-2530 · Oracle · Oracle Coherence
Longofo · Published 2020-04-14 · Updated 2020-04-16 · CVE-2020-2949

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Oracle Coherence versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0

Description: The issue is related to insufficient access controls in the Caching, CacheStore, and Invocation components of Oracle Coherence. It can be exploited by a remote attacker over the HTTP protocol to gain unauthorized access to protected information. Successful attacks may result in unauthorized read access to a subset of Oracle Coherence accessible data.

Recommendations:
For version 3.7.1.0, update to a version that includes the necessary security fixes.
For version 12.1.3.0.0, apply the recommended security patches to resolve the issue.
For version 12.2.1.3.0, consider restricting access to the Caching, CacheStore, and Invocation components until a patch is available.
For version 12.2.1.4.0, disable the vulnerable components temporarily as a workaround until an official fix is released.

Fix

Weakness Enumeration

Related Identifiers

BDU:2020-02541
CVE-2020-2949

Affected Products

Oracle Coherence