CVE-2020-14740

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, and 18c

Description: The issue is related to insufficient input validation in the SQL Developer Install component of Oracle Database Server. This vulnerability can be easily exploited by a low-privileged attacker with Client Computer User Account privilege and logon to the infrastructure where SQL Developer Install executes. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized read access to a subset of SQL Developer Install accessible data.

Recommendations: For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, and 18c, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.