Oracle Multiple Products Remote Code Execution Vulnerability — Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR).
CVE-2020-2555 is a critical remote code execution vulnerability affecting multiple Oracle products including Coherence, Utilities Framework, Retail Assortment Planning, Commerce, and Communications DSR. An unauthenticated attacker can exploit it over the T3 or HTTP protocols to achieve complete system compromise.
This critical vulnerability affects several Oracle products that are widely deployed in Saudi organizations. An unauthorized attacker can exploit the T3 and HTTP protocols to gain full control of affected systems without needing to authenticate.
This vulnerability affects multiple Oracle enterprise products used in Saudi organizations, allowing remote code execution through network access. Unauthenticated attackers can completely compromise affected systems via T3 or HTTP protocols.
Immediately apply Oracle security patches for affected products (Coherence, Utilities Framework, Retail Assortment Planning, Commerce, Communications DSR). Restrict network access to T3 and HTTP ports for these services, implement network segmentation, disable unnecessary services, and monitor for exploitation attempts. Upgrade to patched versions as soon as possible.
Apply Oracle security updates immediately for the affected products. Restrict access to T3 and HTTP ports, implement network segmentation, disable unnecessary services, and monitor for exploitation attempts. Upgrade to patched versions as soon as possible.