PT-2020-1503 · Oracle · Oracle Database Server+2

Eddie Zhu · Published 2020-01-01 · Updated 2022-07-28 · CVE-2020-2569

CVSS v3.1: 3.9 (Low)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Oracle Applications DBA versions 11.2.0.4 through 19c

Description

The issue is related to insufficient access control in the Oracle Applications DBA component of Oracle Database Server. Exploitation of this issue can allow an attacker to modify, add, or delete data, or cause a denial of service. The vulnerability can be easily exploited by a low-privileged attacker with local logon privilege to the infrastructure where Oracle Applications DBA executes. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to some of Oracle Applications DBA accessible data and a partial denial of service.

Recommendations

For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting access to the Oracle Applications DBA component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit local logon privileges to the infrastructure where Oracle Applications DBA executes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2020-00486
CVE-2020-2569

Affected Products

Oracle Applications
Oracle Database
Oracle Database Server