PT-2020-3242 · Oracle · Oracle Database

Emad Al-Mousa

Published

2020-07-14

Updated

2023-05-05

CVE-2020-2978

CVSS v3.1

4.1

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle Database - Enterprise Edition versions 12.1.0.2, 12.2.0.1, 18c, and 19c

Description The issue exists due to insufficient input validation in the Oracle Database - Enterprise Edition component of Oracle Database Server. This allows a remote attacker to potentially modify, add, or delete data. Successful attacks can result in unauthorized access to update, insert, or delete some of the accessible data in Oracle Database - Enterprise Edition.

Recommendations For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-03550

CVE-2020-2978

Affected Products

Oracle Database

PT-2020-3242 · Oracle · Oracle Database

CVE-2020-2978

Weakness Enumeration

Related Identifiers

Affected Products

References · 7