nvd-json-data-feeds/CVE-2020/CVE-2020-146xx/CVE-2020-14642.json

{
  "id": "CVE-2020-14642",
  "sourceIdentifier": "secalert_us@oracle.com",
  "published": "2020-07-15T18:15:29.287",
  "lastModified": "2020-07-20T15:33:40.177",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Oracle Coherence de Oracle Fusion Middleware (componente: CacheStore). Las versiones compatibles que est\u00e1n afectadas son 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 y 14.1.1.0.0. La vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso de red por medio de HTTP comprometer a Oracle Coherence. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar un suspensi\u00f3n o bloqueo repetible frecuentemente (DOS completo) de Oracle Coherence. CVSS 3.1 Puntuaci\u00f3n Base 7.5 (Impactos de la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      },
      {
        "source": "secalert_us@oracle.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-404"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:coherence:3.7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06EF2E5D-265E-44FE-9F99-7C5AC7B2C0FC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:coherence:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3D6BC7-B12D-44A9-84F1-7B97F848B97A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:coherence:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "956B2712-8FB5-4FBF-A7FF-8930C05677FA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA64A1D-34F9-4441-857A-25C165E6DBB6"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html",
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}