CVE-2020-2737

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c

Description The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, which can be exploited by a high-privileged attacker with Create Session and Execute Catalog Role privileges. The attacker must have network access via Oracle Net. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Core RDBMS. This vulnerability is difficult to exploit and can be used by an attacker to compromise the Core RDBMS component.

Recommendations For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, consider restricting access to the Core RDBMS component until a patch is available. As a temporary workaround, limit the use of the Oracle Net protocol to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.