CVE-2021-2428

8.1 HIGH

📋 TL;DR

This vulnerability in the Core component of Oracle Coherence lets an unauthenticated attacker with network access via the T3 or IIOP protocols compromise Oracle Coherence. It affects the 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 releases shipped with Oracle Fusion Middleware. Oracle rates it difficult to exploit (CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), but a successful attack results in takeover of the Oracle Coherence instance.

💻 Affected Systems

Products:
  • Oracle Coherence
  • Oracle Fusion Middleware
Versions: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network access via T3 or IIOP protocols to vulnerable Oracle Coherence instances.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of Oracle Coherence leading to full system takeover, data exfiltration, and potential lateral movement within the network.

🟠

Likely Case

Remote code execution leading to unauthorized access, data manipulation, and service disruption of affected Oracle Coherence instances.

🟢

If Mitigated

Limited impact if network segmentation, access controls, and protocol restrictions are properly implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Oracle describes this as 'difficult to exploit' but successful attacks can lead to complete compromise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Critical Patch Update for July 2021 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2021.html

Restart Required: Yes

Instructions:

1. Download the appropriate Critical Patch Update from Oracle Support.
2. Apply the patch to affected Oracle Coherence installations.
3. Restart the Oracle Coherence services.
4. Verify the patch was successfully applied.

🔧 Temporary Workarounds

Network Segmentation and Protocol Restriction

Platform: all

Restrict network access to Oracle Coherence instances and block T3/IIOP from untrusted networks. Note that on WebLogic the T3 and IIOP protocols are multiplexed on the same listen port as HTTP (7001 by default), so a blanket DROP on that port also cuts off HTTP and the admin console; allow trusted sources first, then drop everything else.

# Example firewall rules: T3 shares the WebLogic listen port (7001 by default);
# 900 is this page's example IIOP port. 10.0.5.0/24 is a placeholder trusted subnet.
iptables -A INPUT -p tcp --dport 7001 -s 10.0.5.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 7001 -j DROP
iptables -A INPUT -p tcp --dport 900 -s 10.0.5.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 900 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Oracle Coherence instances from untrusted networks
  • Deploy network security controls (allowlisting firewalls, IDS signatures for the T3 handshake and GIOP messages) to monitor and block suspicious T3/IIOP traffic; an HTTP web application firewall does not parse these binary protocols and will not help here

🔍 How to Verify

Check if Vulnerable:

Check the installed Oracle Coherence release against the affected list (12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0). Review network configurations for T3/IIOP exposure of the listen ports.

Check Version:

Read the Oracle Coherence version from the administration console, from the coherence.jar manifest, or from the version banner printed when Coherence starts.

Verify Fix Applied:

The Critical Patch Update is applied with OPatch and does not change the five-part release number, so a version check alone cannot prove the fix is in place. Confirm that the July 2021 Critical Patch Update (or a later CPU) for your release appears in `opatch lsinventory` for the Fusion Middleware Oracle Home, and that the Coherence services were restarted afterwards.
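An added version-triage script for this section (example code, not part of the original page or of Oracle's tooling). It parses a coherence.jar `META-INF/MANIFEST.MF`, which is assumed here to carry the release in an `Implementation-Version` attribute, and compares the five-part release number against the affected list. The sample manifest text is constructed. Because the CPU is applied via OPatch without changing that number, the result only says whether the release is in scope; the patch itself must still be confirmed with `opatch lsinventory`.

```python
"""Triage a Coherence installation for CVE-2021-2428 by release number.

Added example, not from the original advisory page. Assumption: the jar's
META-INF/MANIFEST.MF exposes the build as 'Implementation-Version'.
"""
import re
import zipfile

# Releases listed as affected in the July 2021 Critical Patch Update.
AFFECTED = {"12.1.3.0.0", "12.2.1.3.0", "12.2.1.4.0", "14.1.1.0.0"}


def parse_manifest(text: str) -> dict:
    """Parse 'Key: value' lines from a JAR manifest.

    A line that starts with a single space continues the previous value
    (manifests wrap long values at 72 bytes), so those are joined back.
    """
    attrs, last = {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last is not None:
            attrs[last] += raw[1:]
        elif ":" in raw:
            key, value = raw.split(":", 1)
            last = key.strip()
            attrs[last] = value.strip()
    return attrs


def version_from_manifest(text: str):
    """Return the Implementation-Version attribute (assumed name), or None."""
    return parse_manifest(text).get("Implementation-Version")


def base_version(version: str) -> str:
    """Reduce '12.2.1.4.0 Build 74888'-style strings to the five-part release."""
    match = re.match(r"(\d+\.\d+\.\d+\.\d+\.\d+)", version)
    return match.group(1) if match else version


def is_affected_version(version: str) -> bool:
    """True when the release is one the advisory lists as affected."""
    return base_version(version) in AFFECTED


def triage_manifest(text: str) -> dict:
    """Return the parsed version and whether the release is in scope.

    'in_scope' is None when no version could be read. Even when True, the
    OPatch inventory decides whether the CPU is actually installed.
    """
    version = version_from_manifest(text)
    return {
        "version": version,
        "in_scope": is_affected_version(version) if version else None,
        "next_step": "confirm July 2021 CPU in `opatch lsinventory`" if version else "read version manually",
    }


def triage_jar(path: str) -> dict:
    """Open coherence.jar on disk and triage its manifest."""
    with zipfile.ZipFile(path) as jar:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    return triage_manifest(text)


# Constructed sample manifest (not copied from a real jar); the version value
# is wrapped onto a continuation line to exercise the joining logic.
SAMPLE_MANIFEST = (
    "Manifest-Version: 1.0\n"
    "Implementation-Title: Oracle Coherence\n"
    "Implementation-Version: 12.2.1.4\n"
    " .0\n"
)

if __name__ == "__main__":
    import sys
    result = triage_jar(sys.argv[1]) if len(sys.argv) > 1 else triage_manifest(SAMPLE_MANIFEST)
    print(result)
```

Run it as `python triage.py /path/to/coherence.jar`; with no argument it triages the embedded sample. A release outside the affected set is out of scope; a release inside it is only cleared once the inventory shows the CPU.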

📡 Detection & Monitoring

Log Indicators:

  • Unusual T3 or IIOP connection attempts
  • Unexpected process execution from Oracle Coherence
  • Authentication failures or bypass attempts

Network Indicators:

  • Suspicious T3 protocol traffic to Oracle Coherence ports
  • Unusual IIOP traffic patterns
  • Network connections from unexpected sources to Coherence services

SIEM Query:

Illustrative query only; Coherence and WebLogic do not emit `protocol` or `action` fields by these names, so map them to the fields your log source actually produces:

source="oracle_coherence" AND (protocol="T3" OR protocol="IIOP") AND (action="unauthorized" OR action="exploit")
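An added detection example for the network indicators above (example code, not from the original page). It classifies the first bytes a client sends by two wire-format facts: a WebLogic T3 handshake begins with the ASCII prefix `t3 ` (or `t3s ` over TLS) followed by the client's protocol version, and every IIOP message begins with the 4-byte GIOP magic `GIOP`. Any T3 or IIOP connection from outside an allowlist of trusted networks is flagged. The flow records and the trusted subnet are constructed for the example.

```python
"""Flag T3/IIOP connections to Coherence/WebLogic listeners from untrusted sources.

Added example for CVE-2021-2428 monitoring; not code from the original page.
The trusted network and the sample flows below are constructed.
"""
import ipaddress

# Wire-format fingerprints (protocol facts, not assumptions):
#  - T3 handshake: client opens with "t3 <version>\n..." ("t3s " when over TLS)
#  - IIOP: every GIOP message header starts with the magic bytes b"GIOP"
T3_PREFIXES = (b"t3 ", b"t3s ")
GIOP_MAGIC = b"GIOP"

# Networks allowed to speak T3/IIOP to the cluster (placeholder for the example).
TRUSTED_NETS = [ipaddress.ip_network("10.0.5.0/24")]


def classify(payload: bytes) -> str:
    """Return 'T3', 'IIOP' or 'other' from the leading bytes of a client payload."""
    if payload.startswith(T3_PREFIXES):
        return "T3"
    if payload.startswith(GIOP_MAGIC):
        return "IIOP"
    return "other"


def is_trusted(src_ip: str) -> bool:
    """True when the source address falls inside an allowlisted network."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in TRUSTED_NETS)


def find_suspicious(records):
    """records: iterable of (src_ip, dst_port, first_payload_bytes).

    Returns the T3/IIOP flows whose source is not allowlisted, in input order.
    HTTP and other traffic on the same multiplexed port is ignored.
    """
    hits = []
    for src, dport, payload in records:
        proto = classify(payload)
        if proto != "other" and not is_trusted(src):
            hits.append({"src": src, "dport": dport, "proto": proto})
    return hits


# Constructed sample flows: (source IP, destination port, first bytes sent).
SAMPLE_FLOWS = [
    ("10.0.5.17", 7001, b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"),    # trusted admin host
    ("203.0.113.9", 7001, b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"),  # T3 from the internet
    ("203.0.113.9", 7001, b"GIOP\x01\x02\x00\x00\x00\x00\x00\x1c"),        # IIOP from the internet
    ("198.51.100.4", 7001, b"GET /console HTTP/1.1\r\nHost: x\r\n\r\n"),  # plain HTTP, not flagged
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_FLOWS):
        print(f"ALERT {hit['proto']} from {hit['src']} to port {hit['dport']}")
```

The same two prefixes work as IDS content matches (`"t3 "` and `"GIOP"` at payload offset 0) on the listen port, which is more useful than a port-based rule because WebLogic multiplexes HTTP, T3 and IIOP on one port.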

🔗 References
