CVE-2020-14736 - Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are

CVE-2020-14736

Summary

Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Vault accessible data as well as unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).

References

https://www.oracle.com/security-alerts/cpuoct2020.html

Vulnerable Configurations

cpe:2.3:a:oracle:database_vault:11.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_vault:11.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_vault:12.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_vault:12.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_vault:12.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_vault:12.2.0.1:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 23-10-2020 - 17:32)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

misc

https://www.oracle.com/security-alerts/cpuoct2020.html

Last major update

23-10-2020 - 17:32

Published

21-10-2020 - 15:15

Last modified

23-10-2020 - 17:32