CVE-2020-2516

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c

Description The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, allowing a high-privileged attacker with Create Materialized View and Create Table privileges and network access via OracleNet to compromise the Core RDBMS. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some Core RDBMS accessible data.

Recommendations For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting access to the Core RDBMS component until a patch is available. As a temporary workaround, limit the use of Create Materialized View and Create Table privileges to minimize the risk of exploitation. Restrict network access via OracleNet to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.