CVE-2021-2371: 
Oracle Coherence vulnerability analysis and mitigation

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3, IIOP to compromise Oracle Coherence (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (High) with the vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-accessible, requires low attack complexity, needs no privileges or user interaction, and primarily impacts system availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. The vulnerability affects the core component and has high availability impact while confidentiality and integrity remain unaffected (Oracle Advisory).

Oracle has released security patches to address this vulnerability as part of the July 2021 Critical Patch Update. Users should apply the security patches to the affected versions: 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 (Oracle Advisory).

The vulnerability was discovered and reported by security researcher threedr3am, who was acknowledged in Oracle's Critical Patch Update Advisory (Oracle Advisory).