Unauthorized Data Access in Oracle REST Data Services by Oracle
CVE-2020-14745

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Rest Data Services
Vendor: CVE Published:; 21 October 2020

Summary

A security vulnerability exists in Oracle REST Data Services that allows low privileged attackers with network access via HTTP to gain unauthorized read access to sensitive data. This flaw affects multiple versions of the product, leading to potential exposure of accessible data that should otherwise remain confidential. It is essential for users of Oracle REST Data Services to apply the necessary updates and security patches to safeguard their data integrity.

Affected Version(s)

REST Data Services 11.2.0.4

REST Data Services 12.1.0.2

REST Data Services 12.2.0.1

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020