CVE-2020-2969

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c

Description The issue is related to insufficient input validation in the Data Pump component of Oracle Database Server. This allows a high-privileged attacker with DBA role account privilege and network access via Oracle Net to compromise Data Pump. Successful attacks can result in the takeover of Data Pump.

Recommendations For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting network access via Oracle Net to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of the DBA role account to reduce the potential impact of the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.