Oracle Database Server Vulnerability in Applications DBA Component
CVE-2020-2568

3.9LOW

Key Information:

Vendor: Oracle
Status: Oracle Database
Vendor: CVE Published:; 15 January 2020

Summary

The vulnerability in the Oracle Applications DBA component of Oracle Database Server allows an attacker with local logon privileges to exploit the system. Affected versions 12.1.0.2, 12.2.0.1, 18c, and 19c can be compromised if the attacker has access to the infrastructure where Oracle Applications DBA operates. Successful exploitation can lead to unauthorized updates, insertions, or deletions of data, as well as potential partial denial of service. Human interaction from a third party is required for successful attacks, emphasizing the need for vigilance in access control.

Affected Version(s)

Oracle Database 12.1.0.2

Oracle Database 12.2.0.1

Oracle Database 18c

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019