PT-2020-1309 · Oracle · Oracle Database

Eddie Zhu

Published

2020-01-14

Updated

2022-10-17

CVE-2020-2731

CVSS v3.1

3.9

Low

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Oracle Database versions 12.1.0.2 through 19c

Description The issue exists due to insufficient input validation in the Core RDBMS component of Oracle Database. Exploitation of this issue may allow an attacker to impact data integrity or cause a partial denial of service. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to modify data or cause a partial denial of service.

Recommendations For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-00209

CVE-2020-2731

Affected Products

Oracle Database

PT-2020-1309 · Oracle · Oracle Database

CVE-2020-2731

Weakness Enumeration

Related Identifiers

Affected Products

References · 7