PT-2021-1805 · Oracle · Oracle Coherence

Published: 2021-01-19 · Updated: 2022-03-29 · CVE-2020-14756

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Oracle Coherence versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Description: The issue is caused by insufficient access control in the Core Components of Oracle Coherence, allowing an unauthenticated attacker with network access via the IIOP and T3 protocols to compromise Oracle Coherence. Successful attacks can result in the takeover of Oracle Coherence. The vulnerability can be exploited remotely, giving the attacker full control over the application.

Recommendations: For versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, consider restricting access to the IIOP and T3 protocols until a patch is available. As a temporary workaround, consider disabling remote access to Oracle Coherence until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2021-00558
CVE-2020-14756

Affected Products

Oracle Coherence