CVE-2020-14735

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c

Description: The issue is related to insufficient input validation in the Scheduler component of Oracle Database Server, allowing a low-privileged attacker with local logon privilege to compromise the Scheduler. Successful attacks can result in the takeover of the Scheduler and may significantly impact additional products.

Recommendations: For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, consider restricting access to the Scheduler component until a patch is available. As a temporary workaround, consider disabling the Scheduler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.