PT-2022-4640 · Oracle · Oracle Coherence

Thiscodecc · Published 2022-07-19 · Updated 2022-07-26 · CVE-2022-21570

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Oracle Coherence versions 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Description: The vulnerability stems from insufficient input validation in the Core component of Oracle Coherence. An unauthenticated attacker with network access via the T3 or IIOP protocols can exploit it to compromise Oracle Coherence; a successful attack results in the ability to cause a hang or a frequently repeatable crash (a complete DoS) of Oracle Coherence.

Recommendations: For versions 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, consider restricting network access via the T3 and IIOP protocols to minimize the risk of exploitation. As a temporary workaround, limit the ability of remote attackers to cause a hang or crash of Oracle Coherence by implementing additional security measures, such as network segmentation or intrusion detection systems. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Resource Release

RCE


Weakness Enumeration

Related Identifiers: BDU:2022-05524, CVE-2022-21570

Affected Products: Oracle Coherence