Vulnerabilities > CVE-2020-14742 - Unspecified vulnerability in Oracle Core Rdbms

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

oracle

NVD

Published: 2020-10-21

Updated: 2020-10-23

Summary

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYSDBA level account privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Core Rdbms 11.2.0.4 Oracle Core Rdbms 12.1.0.2 Oracle Core Rdbms 12.2.0.1 Oracle Core Rdbms 18C Oracle Core Rdbms 19C	5

References

https://www.oracle.com/security-alerts/cpuoct2020.html