Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-2555
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Oracle Utilities Framework 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Oracle Utilities Framework是美国甲骨文(Oracle)公司的一款应用程序框架累计功能工具。该工具可以轻松查找在两次发行之间添加到应用程序的功能。 Oracle Utilities Framework中的Coherence 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0 和 4.4.0.2.0版本的Caching,CacheStore,Invocation组件存在安全漏洞。攻击者可利用该漏洞控制Oracle Coherenc
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Oracle CorporationWebCenter Portal 12.2.1.3.0 -
Oracle CorporationUtilities Framework 4.2.0.2.0 -
II. Public POCs for CVE-2020-2555
#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/Hu3sky/CVE-2020-2555POC Details
2CVE-2020-2555 Python POChttps://github.com/wsfengfan/CVE-2020-2555POC Details
3Weblogic com.tangosol.util.extractor.ReflectionExtractor RCEhttps://github.com/Y4er/CVE-2020-2555POC Details
4CVE-2020-2555https://github.com/Maskhe/cve-2020-2555POC Details
5Nonehttps://github.com/Uvemode/CVE-2020-2555POC Details
6poc for CVE-2020-2555https://github.com/Qynklee/POC_CVE-2020-2555POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-2555
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: WebCenter Portal
Same vendor: Oracle Corporation
V. Comments for CVE-2020-2555

No comments yet

Leave a comment