CVE-2020-14756

Published: 20/01/2021 Updated: 29/03/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product

oracle coherence 3.7.1.0

oracle coherence 12.1.3.0.0

oracle coherence 12.2.1.3.0

oracle coherence 12.2.1.4.0

oracle coherence 14.1.1.0.0

oracle utilities framework 4.2.0.2.0

oracle utilities framework 4.2.0.3.0

oracle utilities framework

oracle utilities framework 4.4.0.0.0

oracle utilities framework 4.4.0.2.0

oracle utilities framework 4.4.0.3.0

Github Repositories

WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar

CVE-2020-14756 WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar. README: project based on github.com/Y4er/CVE-2020-2555 and weblogic_cmd; tested on 12.2.1.4.0 and jdk 1.8.0_221. Reference: y4er.com/post/weblogic-cve-2020-14756/ mp.weixin.qq.com/s/E-4wjbKD-iSi0CEMegVmZQ

Some high-quality CVEs I got: CVE-2020-14756, CVE-2021-2135, CVE-2021-2136, CVE-2022-21420

POC of CVE-2021-2394

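CVE-2021-2394 POC of CVE-2021-2394. Disclaimer: this project is for learning purposes only; the user alone is responsible for any direct or indirect consequences and losses caused by unauthorized testing. Notes: the POC sends its packets over IIOP, so please add the relevant dependencies (the dependencies for version 12.2.1.3.0 have been placed in the release). Please use a low-version JDK to install WebLogic for testing. Usage: start an LDAP service ja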