Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-2517

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L).

Published

2020-01-15T17:15:15.300

Last Modified

2024-11-21T05:25:24.947

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	database_server	11.2.0.4	Yes
Application	oracle	database_server	12.1.0.2	Yes
Application	oracle	database_server	12.2.0.1	Yes
Application	oracle	database_server	18c	Yes
Application	oracle	database_server	19c	Yes

References

http://seclists.org/fulldisclosure/2021/Feb/13 Mailing List, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2020.html Patch, Vendor Advisory ([email protected])
http://seclists.org/fulldisclosure/2021/Feb/13 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2020.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)