CVE-2022-21570: 
Oracle Coherence vulnerability analysis and mitigation

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence (Oracle CPU Jul 2022, NVD).

The vulnerability has a CVSS Base Score of 7.5 HIGH with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-based (T3, IIOP protocols), requires low attack complexity, needs no privileges or user interaction, and has an unchanged scope (NVD).

Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. The vulnerability only affects availability with no impact on confidentiality or integrity (NVD).

Oracle has released security patches for affected versions (3.7.1.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0) as part of the July 2022 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible (Oracle CPU Jul 2022).