PT-2020-1534 · Oracle · Oracle Database Server

Alexander Kornbrust · Published 2020-01-14 · Updated 2022-10-25 · CVE-2020-2527

CVSS v3.1: 4.1 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c

Description

The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, allowing a high-privileged attacker with Create Index and Create Table privileges and network access via OracleNet to compromise Core RDBMS. This can result in unauthorized read access to a subset of Core RDBMS accessible data. The vulnerability may significantly impact additional products.

Recommendations

For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting access to the Core RDBMS component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of Create Index and Create Table privileges to reduce the attack surface. Restrict network access via OracleNet to the Core RDBMS component to prevent remote exploitation.
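
To apply the privilege workaround you first need to know who holds those privileges. The audit queries below are an added example, not part of the original advisory; mapping the advisory's "Create Table" and "Create Index" to the Oracle privilege names listed in the comments is an assumption, and the session needs SELECT access to the DBA_* dictionary views.

```sql
-- Added example: audit who can create tables and indexes (advisory workaround).
-- Assumption: the advisory's "Create Table" / "Create Index" are mapped here to
-- the system privileges CREATE TABLE, CREATE ANY TABLE, CREATE ANY INDEX and
-- to the INDEX object privilege on tables in other schemas.

-- 1) System privileges, held directly or inherited through nested roles.
--    granted_via is the user or role that holds the privilege directly, so a
--    role name there shows which role grant to revoke or narrow.
WITH grant_path (grantee, granted_via, privilege) AS (
  SELECT sp.grantee, sp.grantee, sp.privilege
  FROM   dba_sys_privs sp
  WHERE  sp.privilege IN ('CREATE TABLE', 'CREATE ANY TABLE', 'CREATE ANY INDEX')
  UNION ALL
  -- Walk one level down: anyone granted a role that is already on the path.
  SELECT rp.grantee, gp.granted_via, gp.privilege
  FROM   grant_path gp, dba_role_privs rp
  WHERE  rp.granted_role = gp.grantee
)
SELECT DISTINCT gp.grantee, u.account_status, gp.privilege, gp.granted_via
FROM   grant_path gp
LEFT   JOIN dba_users u ON u.username = gp.grantee
WHERE  u.oracle_maintained = 'N'   -- skip Oracle-supplied accounts (12c and later)
   OR  gp.grantee = 'PUBLIC'       -- PUBLIC is not in DBA_USERS; always report it
ORDER  BY gp.grantee, gp.privilege, gp.granted_via;

-- 2) INDEX object privilege: lets the grantee index a table it does not own.
SELECT tp.grantee, tp.owner, tp.table_name, tp.grantor
FROM   dba_tab_privs tp
WHERE  tp.privilege = 'INDEX'
AND    tp.grantee <> tp.owner
ORDER  BY tp.grantee, tp.owner, tp.table_name;
```

Rows in the first result whose granted_via is a role mean the privilege arrives through that role, so revoking it from the user alone has no effect.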

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2020-00527
CVE-2020-2527

Affected Products

Oracle Database
Oracle Database Server