CVE-2020-14901

5 documents5 sources
Severity
4.9MEDIUM
EPSS
0.4%
top 38.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Database - Enterprise EditionOracle Database
Timeline
PublishedOct 21
Latest updateMay 24

Description

Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
GHSA-5v89-mvjq-f3f8: Vulnerability in the RDBMS Security component of Oracle Database Server2022-05-24
OSV
samba regressions2021-12-06
CVEList
CVE-2020-14901: Vulnerability in the RDBMS Security component of Oracle Database Server2020-10-21

📋Vendor Advisories

1
Oracle
Oracle Oracle Database Server Risk Matrix: RDBMS Security — CVE-2020-149012020-10-15
CVE-2020-14901 (MEDIUM CVSS 4.9) | Vulnerability in the RDBMS Security | cvebase.io