CVE-2020-14763

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions prior to 20.2

Description: The issue is related to insufficient input validation in the Oracle Application Express Quick Poll component. It allows a low-privileged attacker with a valid user account and network access via HTTP to compromise the component. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The impact includes unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data.

Recommendations: For versions prior to 20.2, update to version 20.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Oracle Application Express Quick Poll component to minimize the risk of exploitation.