Vulnerability in Oracle Database Gateway for ODBC Component
CVE-2020-2517

3.3 LOW

Key Information:

Vendor
Oracle
CVE Published:
15 January 2020

Summary

A vulnerability exists in the Database Gateway for ODBC component of Oracle Database Server. It can be exploited by an attacker with high privileges, particularly the Create Procedure and Create Database Link privileges, who has network access via OracleNet to the Database Gateway for ODBC. Successful exploitation may lead to unauthorized updates, inserts, or deletions of accessible data within this component, and may partially disrupt service (a partial denial of service). The affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Organizations using these versions should take necessary precautions to mitigate risks associated with this vulnerability.

Affected Version(s)

Oracle Database 11.2.0.4

Oracle Database 12.1.0.2

Oracle Database 12.2.0.1

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
