SQL Injection Vulnerability in Oracle Database Server
CVE-2020-14740

2.8LOW

Key Information:

Vendor: Oracle
Status: Sql Developer
Vendor: CVE Published:; 21 October 2020

What is CVE-2020-14740?

A vulnerability exists in the SQL Developer Install component of Oracle Database Server that can be exploited by low privileged attackers with Client Computer User Account privileges. This flaw allows unauthorized read access to certain data within SQL Developer Install, requiring human interaction from someone other than the attacker to succeed. The affected versions include Oracle Database Server 11.2.0.4, 12.1.0.2, 12.2.0.1, and 18c, making it crucial for users to implement security measures to safeguard their systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SQL Developer 11.2.0.4

SQL Developer 12.1.0.2

SQL Developer 12.2.0.1

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020

JSON

Oracle