Vulnerability in Oracle Database Server's Core RDBMS Component
CVE-2020-2731

3.9LOW

Key Information:

Vendor: Oracle
Status: Oracle Database
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-2731?

A vulnerability exists in the Core RDBMS component of Oracle Database Server, impacting versions 12.1.0.2, 12.2.0.1, 18c, and 19c. This issue enables a low-privileged attacker with Local Logon privilege to compromise the RDBMS after logging into the system. Exploitation of this vulnerability necessitates human interaction from a third party, which can lead to unauthorized updates, insertions, or deletions of accessible data within Core RDBMS. Additionally, it poses a risk of causing partial denial of service (partial DOS) to the Core RDBMS environment.

Affected Version(s)

Oracle Database 12.1.0.2

Oracle Database 12.2.0.1

Oracle Database 18c

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019