Oracle Database Server bis 20.1 Oracle Application Express Quick Poll unbekannte Schwachstelle

eintrageditHistoryDiffjsonxmlCTI

In Oracle Database Server bis 20.1 (Database Software) wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalität der Komponente Oracle Application Express Quick Poll. Ein Aktualisieren vermag dieses Problem zu lösen. Das Erscheinen einer Gegenmassnahme geschah direkt nach der Veröffentlichung der Schwachstelle. Oracle hat damit sofort gehandelt.

Feld21.11.2020 07:3122.11.2020 08:4822.11.2020 08:51
vendorOracleOracleOracle
nameDatabase ServerDatabase ServerDatabase Server
cveCVE-2020-14763CVE-2020-14763CVE-2020-14763
componentOracle Application Express Quick PollOracle Application Express Quick PollOracle Application Express Quick Poll
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sCCC
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
version<=20.1<=20.1<=20.1
urlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.html
date160314480016031448001603144800
identifierOracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020
nameUpgradeUpgradeUpgrade
date160314480016031448001603144800
typeDatabase SoftwareDatabase SoftwareDatabase Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore5.55.55.5
cvss2_vuldb_tempscore4.84.84.8
cvss3_vuldb_basescore5.45.45.4
cvss3_vuldb_tempscore5.25.25.2
cvss3_meta_basescore5.45.45.4
cvss3_meta_tempscore5.25.25.2
price_0day$5k-$25k$5k-$25k$5k-$25k
cvss2_nvd_basescore4.94.94.9
cve_assigned15925176001592517600
cve_nvd_summaryVulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Quick Poll accessible data as well as unauthorized read access to a subset of Oracle Application Express Quick Poll accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Quick Poll accessible data as well as unauthorized read access to a subset of Oracle Application Express Quick Poll accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auS
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiN
cve_cnaOracle

Want to stay up to date on a daily basis?

Enable the mail alert feature now!