VAR-202001-1034
Vulnerability from variot - Updated: 2024-01-03 13:14Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Oracle Fusion Middleware of Oracle Coherence In Caching,CacheStore,Invocation There are vulnerabilities that affect confidentiality, integrity, and availability due to a flaw in processing.Information gained, falsified, and denial of service by remote attackers (DoS) An attack could be made. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the T3 protocol on TCP port 7001. When deserializing objects embedded with T3 protocol messages, the server allows deserialization of classes that may lead to arbitrary code execution. An attacker can leverage this vulnerability to execute code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The platform provides functions such as middleware and software collection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "healthcare data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.1"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.0"
},
{
"model": "utilities framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.6.0"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.0.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.7.1.0"
},
{
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle coherence 12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle coherence 12.2.1.3.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle coherence 12.2.1.4.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle coherence 3.7.1.17"
},
{
"model": "weblogic",
"scope": null,
"trust": 0.7,
"vendor": "oracle",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-128"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001293"
},
{
"db": "NVD",
"id": "CVE-2020-2555"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:3.7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2555"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jang from VNPT ISC",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-128"
}
],
"trust": 0.7
},
"cve": "CVE-2020-2555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-2555",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-179539",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert_us@oracle.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-2555",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-2555",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-2555",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "secalert_us@oracle.com",
"id": "CVE-2020-2555",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2020-2555",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-679",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-179539",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-2555",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-128"
},
{
"db": "VULHUB",
"id": "VHN-179539"
},
{
"db": "VULMON",
"id": "CVE-2020-2555"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001293"
},
{
"db": "NVD",
"id": "CVE-2020-2555"
},
{
"db": "NVD",
"id": "CVE-2020-2555"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-679"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Oracle Fusion Middleware of Oracle Coherence In Caching,CacheStore,Invocation There are vulnerabilities that affect confidentiality, integrity, and availability due to a flaw in processing.Information gained, falsified, and denial of service by remote attackers (DoS) An attack could be made. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the T3 protocol on TCP port 7001. When deserializing objects embedded with T3 protocol messages, the server allows deserialization of classes that may lead to arbitrary code execution. An attacker can leverage this vulnerability to execute code in the context of the current process. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The platform provides functions such as middleware and software collection",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2555"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001293"
},
{
"db": "ZDI",
"id": "ZDI-20-128"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-179539"
},
{
"db": "VULMON",
"id": "CVE-2020-2555"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-179539",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179539"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-2555",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "157207",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "157795",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "157054",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-128",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001293",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9020",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "48508",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202001-679",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "48320",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072118",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072735",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "45703",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020050174",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020040075",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-98140",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-179539",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-2555",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-128"
},
{
"db": "VULHUB",
"id": "VHN-179539"
},
{
"db": "VULMON",
"id": "CVE-2020-2555"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001293"
},
{
"db": "NVD",
"id": "CVE-2020-2555"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-679"
}
]
},
"id": "VAR-202001-1034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-179539"
}
],
"trust": 0.01
},
"last_update_date": "2024-01-03T13:14:56.652000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - January 2020",
"trust": 1.5,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2020 Risk Matrices",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html"
},
{
"title": "Oracle Fusion Middleware Coherence Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108607"
},
{
"title": "CVE-2020-2555\nRequire\nReference",
"trust": 0.1,
"url": "https://github.com/uvemode/cve-2020-2555 "
},
{
"title": "CVE-2020-2555\nRequire\nReference",
"trust": 0.1,
"url": "https://github.com/y4er/cve-2020-2555 "
},
{
"title": "POC_CVE-2020-2555",
"trust": 0.1,
"url": "https://github.com/qynklee/poc_cve-2020-2555 "
},
{
"title": "CVE-2020-2555",
"trust": 0.1,
"url": "https://github.com/wsfengfan/cve-2020-2555 "
},
{
"title": "Attacking_Shiro_with_CVE_2020_2555",
"trust": 0.1,
"url": "https://github.com/feihong-cs/attacking_shiro_with_cve_2020_2555 "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-128"
},
{
"db": "VULMON",
"id": "CVE-2020-2555"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001293"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-679"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179539"
},
{
"db": "NVD",
"id": "CVE-2020-2555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/157054/oracle-coherence-fusion-middleware-remote-code-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/157207/oracle-weblogic-server-12.2.1.4.0-remote-code-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/157795/weblogic-server-deserialization-remote-code-execution.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2555"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-2555"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020040075"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/48508"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/45703"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-january-2020-31329"
},
{
"trust": 0.6,
"url": "https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-026.pdf"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-128/"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/48320"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020050174"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072118"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072735"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-128"
},
{
"db": "VULHUB",
"id": "VHN-179539"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001293"
},
{
"db": "NVD",
"id": "CVE-2020-2555"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-679"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-20-128"
},
{
"db": "VULHUB",
"id": "VHN-179539"
},
{
"db": "VULMON",
"id": "CVE-2020-2555"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001293"
},
{
"db": "NVD",
"id": "CVE-2020-2555"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-679"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-15T00:00:00",
"db": "ZDI",
"id": "ZDI-20-128"
},
{
"date": "2020-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-179539"
},
{
"date": "2020-01-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-2555"
},
{
"date": "2020-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001293"
},
{
"date": "2020-01-15T17:15:17.347000",
"db": "NVD",
"id": "CVE-2020-2555"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2020-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-679"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-15T00:00:00",
"db": "ZDI",
"id": "ZDI-20-128"
},
{
"date": "2022-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-179539"
},
{
"date": "2022-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2020-2555"
},
{
"date": "2020-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001293"
},
{
"date": "2022-10-25T17:58:12.627000",
"db": "NVD",
"id": "CVE-2020-2555"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-679"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-679"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Fusion Middleware of Oracle Coherence In Caching,CacheStore,Invocation Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…