CVE-2020-14743

LOW

Oracle Database Server <19c - Low Privilege Integrity

Title source: llm
STIX 2.1

Description

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html

Scores

CVSS v3 3.1
EPSS 0.0075
EPSS Percentile 50.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (5)
oracle/java_virtual_machine 11.2.0.4
oracle/java_virtual_machine 12.1.0.2
oracle/java_virtual_machine 12.2.0.1
oracle/java_virtual_machine 18c
oracle/java_virtual_machine 19c
Published Oct 21, 2020
Tracked Since Feb 18, 2026