CVE-2020-14735
HIGHOracle Scheduler 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c - Authenticated Remote Code Execution
Title source: llmDescription
Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Scheduler executes to compromise Scheduler. While the vulnerability is in Scheduler, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Scheduler. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html
Scores
CVSS v3
8.8
EPSS
0.0044
EPSS Percentile
35.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
Status
published
Products (5)
oracle/scheduler
11.2.0.4
oracle/scheduler
12.1.0.2
oracle/scheduler
12.2.0.1
oracle/scheduler
18c
oracle/scheduler
19c
Published
Oct 21, 2020
Tracked Since
Feb 18, 2026