CVE-2020-2555

CVE Database · CVE-2020-2555

CVE-2020-2555

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

97.12%

Published

Jan 15, 2020

Modified

Oct 27, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (8)

All weaponized →

Exploit-DBOracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Exploit-DBWebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)TrickestTrickest PoC index GitHub PoCY4er/CVE-2020-2555★176 GitHub PoCwsfengfan/CVE-2020-2555★45 GitHub PoCMaskhe/cve-2020-2555★14 GitHub PoCHu3sky/CVE-2020-2555★3 GitHub PoCQynklee/POC_CVE-2020-2555★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-502CWE-502

Affected Products (22)

oracle · access_managervulnerable

oracle · coherencevulnerable