Oracle Database Server Vulnerability in Oracle Text Component
CVE-2020-14734

8.1HIGH

Key Information:

Vendor: Oracle
Status: Text
Vendor: CVE Published:; 21 October 2020

Summary

This vulnerability affects the Oracle Text component of Oracle Database Server, potentially allowing an unauthenticated attacker with network access to compromise Oracle Text. Exploiting this vulnerability may lead to unauthorized takeover, resulting in significant risks to data confidentiality, integrity, and availability across supported versions including 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Organizations should apply the necessary patches to mitigate the associated risks.

Affected Version(s)

Text 11.2.0.4

Text 12.1.0.2

Text 12.2.0.1

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020