CVE-2020-2568

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, 19c

Description The issue is related to insufficient access control in the Oracle Applications DBA component, allowing a low-privileged attacker with local logon privilege to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to modify, add, or delete data, as well as cause a partial denial of service.

Recommendations For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting access to the Oracle Applications DBA component to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling any functionality that relies on local logon privileges to the infrastructure where Oracle Applications DBA executes. Restrict access to sensitive data and monitor for any unauthorized changes or denial of service attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.