CVE-2020-14899

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions prior to 20.2

Description: The issue is related to insufficient input validation in the Oracle Application Express Data Reporter component. It allows a low-privileged attacker with a valid user account and network access via HTTP to compromise the component. Successful attacks require human interaction and may significantly impact additional products, resulting in unauthorized access to data.

Recommendations: For versions prior to 20.2, update to version 20.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Oracle Application Express Data Reporter component to minimize the risk of exploitation.