CVE-2020-2555

KEV EPSS 93.14% · P100 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-2555

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Oracle Utilities Framework 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Oracle Utilities Framework是美国甲骨文（Oracle）公司的一款应用程序框架累计功能工具。该工具可以轻松查找在两次发行之间添加到应用程序的功能。 Oracle Utilities Framework中的Coherence 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0 和 4.4.0.2.0版本的Caching,CacheStore,Invocation组件存在安全漏洞。攻击者可利用该漏洞控制Oracle Coherenc

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Oracle Corporation	WebCenter Portal	12.2.1.3.0	-
Oracle Corporation	Utilities Framework	4.2.0.2.0	-

II. Public POCs for CVE-2020-2555

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/Hu3sky/CVE-2020-2555	POC Details
2	CVE-2020-2555 Python POC	https://github.com/wsfengfan/CVE-2020-2555	POC Details
3	Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE	https://github.com/Y4er/CVE-2020-2555	POC Details
4	CVE-2020-2555	https://github.com/Maskhe/cve-2020-2555	POC Details
5	None	https://github.com/Uvemode/CVE-2020-2555	POC Details
6	poc for CVE-2020-2555	https://github.com/Qynklee/POC_CVE-2020-2555	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-2555

请登录查看更多情报信息。

https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2021.htmlx_refsource_MISC
http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.htmlx_refsource_MISC
http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-2555

Same Patch Batch · Oracle Corporation · 2020-01-15 · 203 CVEs total

CVE-2020-2667		Oracle E-Business Suite 安全漏洞
CVE-2020-2655		Oracle Java SE 安全漏洞
CVE-2020-2656		Oracle Solaris 安全漏洞
CVE-2020-2657		Oracle E-Business Suite 安全漏洞
CVE-2020-2658		Oracle E-Business Suite 安全漏洞
CVE-2020-2659		Oracle Java SE 安全漏洞
CVE-2020-2660		Oracle MySQL 安全漏洞
CVE-2020-2661		Oracle E-Business Suite iSupport 安全漏洞
CVE-2020-2662		Oracle E-Business Suite iSupport 安全漏洞
CVE-2020-2663		Oracle PeopleSoft Enterprise PeopleTools 安全漏洞
CVE-2020-2664		Oracle Solaris 安全漏洞
CVE-2020-2665		Oracle E-Business Suite 安全漏洞
CVE-2020-2666		Oracle E-Business Suite 安全漏洞
CVE-2020-2677		Oracle Hospitality Applications 安全漏洞
CVE-2020-2674		Oracle Virtualization 安全漏洞
CVE-2020-2675		Oracle Hospitality Applications 安全漏洞
CVE-2020-2676		Oracle Hospitality Applications 安全漏洞
CVE-2020-2673		Oracle Enterprise Manager Application Testing Suite 安全漏洞
CVE-2020-2678		Oracle Virtualization VM VirtualBox 安全漏洞
CVE-2020-2679		Oracle MySQL 安全漏洞

Showing top 20 of 203 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: WebCenter Portal

Same vendor: Oracle Corporation

V. Comments for CVE-2020-2555

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-2555

I. Basic Information for CVE-2020-2555

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2020-2555

III. Intelligence Information for CVE-2020-2555

Same Patch Batch · Oracle Corporation · 2020-01-15 · 203 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-2555

Leave a comment