Database Server Core RDBMS Vulnerability in Oracle Products
CVE-2020-2516

2.4LOW

Key Information:

Vendor: Oracle
Status: Oracle Database
Vendor: CVE Published:; 15 January 2020

Summary

A vulnerability exists within the Core RDBMS component of Oracle Database Server that allows an attacker with elevated privileges, specifically those capable of creating materialized views or tables, to exploit the system through OracleNet. This vulnerability requires the attacker to prompt human interaction, allowing them to gain unauthorized access and manipulate Core RDBMS data, specifically enabling updates, inserts, or deletions. Such risks emphasize the importance of robust security measures in safeguarding sensitive database information.

Affected Version(s)

Oracle Database 12.1.0.2

Oracle Database 12.2.0.1

Oracle Database 18c

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019