Data Pump Vulnerability in Oracle Database Server
CVE-2020-2969

6.6MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Database
Vendor: CVE Published:; 15 July 2020

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the Data Pump component of Oracle Database Server that allows a high-privileged attacker with DBA role access to compromise the Data Pump functionality. This issue affects specific supported versions of Oracle Database Server, making it essential for administrators to implement security updates to protect against potential takeovers and unauthorized access.

Affected Version(s)

Oracle Database 11.2.0.4

Oracle Database 12.1.0.2

Oracle Database 12.2.0.1

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jun 19, 2024
👾
Exploit known to exist
Jun 19, 2024
Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Dec 10, 2019