CVE-2022-21570 in Coherenceinfo

Summary

by MITRE • 07/20/2022

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 08/13/2022

The vulnerability identified as CVE-2022-21570 represents a critical availability threat within Oracle Coherence, a distributed caching and processing platform integral to Oracle Fusion Middleware ecosystems. This flaw resides in the Core component of Oracle Coherence and affects specific version ranges including 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, making it a widespread concern across multiple deployment scenarios. The vulnerability's classification as easily exploitable indicates that attackers can leverage it without requiring specialized skills or privileged access, significantly amplifying its potential impact. The attack vector specifically targets network-based access through T3 and IIOP protocols, which are standard communication mechanisms used by Oracle Fusion Middleware components for inter-process communication and remote method invocation. These protocols, while essential for system functionality, create attack surfaces that malicious actors can exploit to gain unauthorized system control.

The technical nature of this vulnerability manifests as a flaw in the processing of incoming network requests that can trigger system instability leading to complete denial of service conditions. When exploited, the vulnerability enables attackers to cause either system hangs or repeated crashes that effectively render the Oracle Coherence service unavailable to legitimate users and applications. This behavior directly maps to the Common Weakness Enumeration identifier CWE-400, which categorizes weaknesses related to resource exhaustion or system instability caused by improper handling of input data or network requests. The vulnerability's impact is particularly severe as it affects the availability aspect of the system's security triad, with CVSS scoring of 7.5 indicating high severity. The attack requires no authentication credentials or user interaction, making it exceptionally dangerous in networked environments where these protocols are exposed to external networks. The vector notation CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H clearly demonstrates that network-based attacks with low complexity and no prerequisites can result in high availability impact without compromising confidentiality or integrity.

From an operational perspective, the implications of this vulnerability extend beyond simple service disruption to potentially catastrophic business impacts in enterprise environments relying on Oracle Coherence for critical data caching and processing functions. Organizations using affected versions face immediate risks of system downtime that can cascade through dependent applications and services, potentially affecting entire business processes that depend on distributed caching capabilities. The vulnerability's ability to cause complete denial of service through either hanging or repeated crashing means that recovery efforts may require system restarts, potentially resulting in data loss or inconsistency in distributed transactions. Security operations teams must consider the potential for this vulnerability to be exploited as part of broader attack campaigns targeting Oracle Fusion Middleware environments, particularly in scenarios where T3 and IIOP services are exposed to untrusted networks. The lack of authentication requirements means that this vulnerability can be exploited by any network entity capable of reaching the affected ports, making it particularly dangerous in cloud environments or when legacy systems expose these protocols without proper network segmentation.

Organizations should implement immediate mitigations including network segmentation to restrict access to T3 and IIOP ports, firewall rule implementations to block external access to these protocols, and consideration of disabling these protocols entirely if they are not essential for business operations. The ATT&CK framework's T1190 technique for exploit for execution through remote services aligns with this vulnerability's exploitation methods, indicating that defensive measures should include monitoring for unusual network traffic patterns on these specific ports. Regular patching strategies should be prioritized to upgrade to unaffected versions of Oracle Coherence, while network monitoring solutions should be configured to detect potential exploitation attempts. The vulnerability's classification as a resource exhaustion threat requires organizations to implement robust system monitoring and alerting mechanisms to detect early signs of system instability that may indicate exploitation attempts. Additionally, security teams should conduct comprehensive vulnerability assessments to identify all systems running affected Oracle Coherence versions and ensure that proper access controls are implemented to prevent unauthorized access to these critical communication protocols.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

07/20/2022

Moderation

accepted

CPE

ready

EPSS

0.00810

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!