CVE-2020-14735

HIGH

Oracle Scheduler 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c - Authenticated Remote Code Execution

Title source: llm
STIX 2.1

Description

Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Scheduler executes to compromise Scheduler. While the vulnerability is in Scheduler, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Scheduler. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html

Scores

CVSS v3 8.8
EPSS 0.0044
EPSS Percentile 35.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (5)
oracle/scheduler 11.2.0.4
oracle/scheduler 12.1.0.2
oracle/scheduler 12.2.0.1
oracle/scheduler 18c
oracle/scheduler 19c
Published Oct 21, 2020
Tracked Since Feb 18, 2026