RDBMS/Optimizer Vulnerability in Oracle Database Server
CVE-2020-2734

2.4LOW

Key Information:

Vendor: Oracle
Status: Oracle Database
Vendor: CVE Published:; 15 April 2020

Summary

A vulnerability exists within the RDBMS/Optimizer component of Oracle Database Server, which affects specific versions. This easily exploitable issue could allow an attacker with high privileges to gain unauthorized access to RDBMS/Optimizer data through network access. Although successful exploitation requires human interaction from another individual, it poses a significant risk as it can lead to unauthorized read access to sensitive data within the database.

Affected Version(s)

Oracle Database 12.1.0.2

Oracle Database 12.2.0.1

Oracle Database 18c

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019