Access Vulnerability in Oracle REST Data Services Affects Multiple Versions
CVE-2020-14744

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Rest Data Services
Vendor: CVE Published:; 21 October 2020

Summary

Oracle REST Data Services has a vulnerability that can be exploited by attackers with low privileges and network access via HTTP. Successful exploitation enables unauthorized access to sensitive data, potentially compromising all data accessible through Oracle REST Data Services. Affected versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c, making it critical for organizations using these versions to apply necessary security measures.

Affected Version(s)

REST Data Services 11.2.0.4

REST Data Services 12.1.0.2

REST Data Services 12.2.0.1

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020