SQL Injection Vulnerability in Oracle Database Server
CVE-2020-14740
2.8 LOW
Summary
A vulnerability exists in the SQL Developer Install component of Oracle Database Server that can be exploited by a low-privileged attacker holding Client Computer User Account privileges. The flaw allows unauthorized read access to certain data within SQL Developer Install, and successful exploitation requires human interaction from a person other than the attacker. The affected versions include Oracle Database Server 11.2.0.4, 12.1.0.2, 12.2.0.1, and 18c, so users of these versions should implement security measures to safeguard their systems.
Affected Version(s)
SQL Developer 11.2.0.4
SQL Developer 12.1.0.2
SQL Developer 12.2.0.1
CVSS V3.1
Score: 2.8
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved