CVE-2021-2344

Name of the Vulnerable Software and Affected Versions Oracle Coherence versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0

Description The issue exists due to insufficient input validation in the Core component of Oracle Coherence, allowing a remote attacker to cause the device to hang or deny service. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle Coherence. The vulnerability can be exploited via T3, IIOP by an unauthenticated attacker with network access.

Recommendations For versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, consider restricting network access via T3, IIOP to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider implementing additional validation for incoming requests to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.