CVE-2020-2981

HIGH

Oracle Berkeley DB < 18.1.40 - Unauthenticated Remote Code Execution in Data Store

Title source: llm
STIX 2.1

Description

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 18.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2020.html

Scores

CVSS v3 7.0
EPSS 0.0043
EPSS Percentile 35.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (1)
oracle/berkeley_db < 18.1.40
Published Jul 15, 2020
Tracked Since Feb 18, 2026