Oracle Database Server 19c RDBMS Security Information Disclosure

eintrageditHistoryDiffjsonxmlCTI

Es wurde eine kritische Schwachstelle in Oracle Database Server 19c (Database Software) gefunden. Dabei betrifft es ein unbekannter Codeteil der Komponente RDBMS Security. Ein Aktualisieren vermag dieses Problem zu lösen. Das Erscheinen einer Gegenmassnahme geschah direkt nach der Veröffentlichung der Schwachstelle. Oracle hat daher sofort gehandelt.

Feld21.11.2020 07:3122.11.2020 09:0422.11.2020 09:08
vendorOracleOracleOracle
nameDatabase ServerDatabase ServerDatabase Server
cveCVE-2020-14901CVE-2020-14901CVE-2020-14901
componentRDBMS SecurityRDBMS SecurityRDBMS Security
risk222
cwe200200200
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prHHH
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
version19c19c19c
urlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.html
date160314480016031448001603144800
identifierOracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020
nameUpgradeUpgradeUpgrade
date160314480016031448001603144800
typeDatabase SoftwareDatabase SoftwareDatabase Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auMMM
cvss2_vuldb_ciCCC
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore6.16.16.1
cvss2_vuldb_tempscore5.35.35.3
cvss3_vuldb_basescore4.94.94.9
cvss3_vuldb_tempscore4.74.74.7
cvss3_meta_basescore4.94.94.9
cvss3_meta_tempscore4.74.74.7
price_0day$5k-$25k$5k-$25k$5k-$25k
cvss2_nvd_basescore6.86.86.8
cve_assigned15925176001592517600
cve_nvd_summaryVulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciC
cvss2_nvd_iiN
cvss2_nvd_aiN
cve_cnaOracle

Might our Artificial Intelligence support you?

Check our Alexa App!