Severity
Medium
Patch available
YES
Number of vulnerabilities
16
CVE ID
CVE-2020-2511, CVE-2020-2510, CVE-2020-2518, CVE-2020-2512, CVE-2020-2515, CVE-2020-2527, CVE-2020-2731, CVE-2020-2568, CVE-2020-2569, CVE-2020-2517, CVE-2020-2516, CVE-2019-0232, CVE-2019-0221, CVE-2019-0199, CVE-2018-11784, CVE-2019-10072
CWE ID
CWE-20, CWE-78, CWE-79, CWE-400, CWE-601, CWE-399
Exploitation vector
Network
Public exploit
Public exploit code for vulnerability #13 is available.
Vulnerable software
Oracle Database Server (Server applications / Database software)
Vendor
Oracle
Security Advisory
1) Improper input validation
Severity: Medium
CVSSv3: 6.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-2511
CWE-ID: CWE-20 - Improper Input Validation
Description
The vulnerability allows a remote authenticated user to crash the entire system.
The vulnerability exists due to improper input validation within the Core RDBMS in Oracle Database Server. A remote authenticated user can exploit this vulnerability to crash the entire system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Oracle Database Server: 12.1.0.2, 12.2.0.1, 18c, 19c
CPE
External links