CVE-2020-2915: 
Oracle Coherence vulnerability analysis and mitigation

CVE-2020-2915 is a vulnerability in Oracle Coherence, a component of Oracle Fusion Middleware. The vulnerability affects versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via IIOP or T3 protocols to compromise Oracle Coherence (Oracle CPUApr2020).

The vulnerability is related to the Caching, CacheStore, and Invocation components of Oracle Coherence. It can be exploited through Oracle's proprietary T3 protocol or IIOP (Internet Inter-ORB Protocol). The vulnerability has been assigned a CVSS Base Score of 9.8, indicating critical severity with high impacts on confidentiality, integrity, and availability (NVD).

A successful exploitation of this vulnerability could result in a complete compromise of Oracle Coherence, potentially allowing attackers to gain unauthorized access to sensitive data, modify system configurations, and disrupt service availability (Oracle CPUApr2020).

Oracle has released security patches as part of the April 2020 Critical Patch Update. Organizations are strongly recommended to apply these security patches immediately to protect against potential exploitation. The patches are available for all supported versions of the affected Oracle Coherence product (Oracle CPUApr2020).

Oracle's Director of Security Assurance Eric Maurice acknowledged receiving reports of attempts to maliciously exploit several recently-patched vulnerabilities, highlighting the urgency of applying the security updates (GBHackers).