PT-2020-3251 · Oracle · Oracle Database Server

Published: 2020-07-14 · Updated: 2020-07-21 · CVE-2020-2968

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 11.2.0.4 through 19c

Description: The issue exists due to insufficient input validation in the Java VM component of Oracle Database Server. A remote attacker could potentially gain full control over the application. The vulnerability is difficult to exploit: it requires a low-privileged attacker who already holds the Create Session and Create Procedure privileges and has network access to the database via multiple protocols. A successful attack also requires interaction from a person other than the attacker (consistent with UI:R in the vector) and may significantly impact additional products beyond the Java VM (consistent with the changed scope, S:C), potentially resulting in the takeover of the Java VM.

Recommendations: For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting network access to the database over the affected protocols to minimize the risk of exploitation. As a temporary workaround, review which accounts hold the Create Session and Create Procedure privileges and limit those privileges to accounts that genuinely need them, reducing the potential impact of the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-03559
CVE-2020-2968

Affected Products

Oracle Database
Oracle Database Server