PT-2020-1541 · Oracle · Oracle Database Server

Alexander Kornbrust

·

Published

2020-01-14

·

Updated

2022-10-25

·

CVE-2020-2511

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c

Description

The vulnerability is caused by insufficient access control in the Core RDBMS component of Oracle Database Server. A remote attacker with low privileges, holding only the Create Session privilege and having network access via Oracle Net, can compromise Core RDBMS. A successful attack gives the attacker an unauthorized ability to hang or repeatedly crash Core RDBMS, i.e. a complete denial of service of the database instance; there is no confidentiality or integrity impact, which matches the CVSS vector (C:N/I:N/A:H).

Recommendations

For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, apply the Oracle Critical Patch Update of January 2020 (the advisory publication date) or a later patch set that includes the fix. Until the patch is installed, reduce exposure in two ways: restrict which hosts can reach the listener over Oracle Net (for example with Oracle Net valid node checking), and revoke the Create Session privilege from accounts that do not need to log in, since that privilege is the only database-side precondition the attacker needs.
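The following SQL is an added example, not part of the PT advisory or Oracle's own patch material. It implements the second workaround above: it inventories which database accounts satisfy the attacker precondition (Create Session, granted directly or through a role chain) and then removes the privilege from an account that should never log in. The account name APP_REPORT_RO is a hypothetical placeholder; the view names are standard Oracle data dictionary views, and the ORACLE_MAINTAINED and LAST_LOGIN columns exist from 12c onward, which covers all affected versions.

```sql
-- Added example (not from the advisory): find every non-Oracle account that can
-- open a session, i.e. meets the CVE-2020-2511 precondition. Run as a DBA.

-- 1. Direct grants of CREATE SESSION to users.
SELECT sp.grantee, u.account_status, u.last_login
  FROM dba_sys_privs sp
  JOIN dba_users u ON u.username = sp.grantee
 WHERE sp.privilege = 'CREATE SESSION'
   AND u.oracle_maintained = 'N'        -- drop Oracle's own schemas from the list
 ORDER BY sp.grantee;

-- 2. Indirect grants: users that reach CREATE SESSION through a role chain
--    (CONNECT, custom roles, nested roles). Oracle forbids circular role grants,
--    so the recursive subquery factoring below always terminates.
WITH role_chain (grantee, granted_role) AS (
  SELECT grantee, granted_role
    FROM dba_role_privs
  UNION ALL
  SELECT rp.grantee, rc.granted_role
    FROM dba_role_privs rp
    JOIN role_chain rc ON rc.grantee = rp.granted_role
)
SELECT DISTINCT rc.grantee, rc.granted_role AS via_role
  FROM role_chain rc
  JOIN dba_sys_privs sp ON sp.grantee = rc.granted_role
  JOIN dba_users u ON u.username = rc.grantee
 WHERE sp.privilege = 'CREATE SESSION'
   AND u.oracle_maintained = 'N'
 ORDER BY rc.grantee;

-- 3. Remove the precondition from an account that must not log in at all.
--    APP_REPORT_RO is a hypothetical account used only for illustration.
REVOKE CREATE SESSION FROM app_report_ro;
ALTER USER app_report_ro ACCOUNT LOCK;
```

Query 2 is the one that usually surprises people: an account with no direct CREATE SESSION grant still qualifies if it holds CONNECT or any custom role that carries the privilege. Revoke at the role or account level accordingly. The network-side workaround is configured outside the database, in the server's sqlnet.ora, with tcp.validnode_checking = yes and a tcp.invited_nodes list of the hosts allowed to connect; Oracle Net applies that check before any authentication, so it blocks the precondition for hosts that are not listed.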

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2020-00534
CVE-2020-2511

Affected Products

Oracle Database
Oracle Database Server