CVE-2020-14642

Name of the Vulnerable Software and Affected Versions Oracle Coherence versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Description The issue is related to insufficient access controls in the CacheStore component of Oracle Coherence, allowing a remote attacker to cause a denial of service. Successful exploitation can result in the ability to cause a hang or frequently repeatable crash of Oracle Coherence.

Recommendations For versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, consider restricting network access via HTTP to the CacheStore component until a patch is available. As a temporary workaround, consider disabling the CacheStore component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.