CVE-2021-2371

Name of the Vulnerable Software and Affected Versions Oracle Coherence versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Description The issue exists due to insufficient input validation in the Core component of Oracle Coherence. It can be exploited by a remote attacker using a specially crafted T3 protocol network request, potentially causing the device to hang or resulting in a denial of service. The vulnerability can be exploited via T3 or IIOP protocols.

Recommendations For Oracle Coherence version 3.7.1.0, update to a version that includes the fix for this issue. For Oracle Coherence version 12.1.3.0.0, update to a version that includes the fix for this issue. For Oracle Coherence version 12.2.1.3.0, update to a version that includes the fix for this issue. For Oracle Coherence version 12.2.1.4.0, update to a version that includes the fix for this issue. For Oracle Coherence version 14.1.1.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the T3 protocol to minimize the risk of exploitation.