Multiple vulnerabilities in Oracle Database Server

Published: 2020-01-20


Severity
Medium
Patch available
YES
Number of vulnerabilities
16
CVE ID
CVE-2020-2511, CVE-2020-2510, CVE-2020-2518, CVE-2020-2512, CVE-2020-2515, CVE-2020-2527, CVE-2020-2731, CVE-2020-2568, CVE-2020-2569, CVE-2020-2517, CVE-2020-2516, CVE-2019-0232, CVE-2019-0221, CVE-2019-0199, CVE-2018-11784, CVE-2019-10072
CWE ID
CWE-20, CWE-78, CWE-79, CWE-400, CWE-601, CWE-399
Exploitation vector
Network
Public exploit
Public exploit code for vulnerability #13 is available.
Vulnerable software
Oracle Database Server (Server applications / Database software)
Vendor
Oracle

Security Advisory



1) Improper input validation


Severity: Medium


CVSSv3: 6.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]


CVE-ID: CVE-2020-2511


CWE-ID: CWE-20 - Improper Input Validation


Description

The vulnerability allows a remote authenticated user to crash the entire system.


The vulnerability exists due to improper input validation within the Core RDBMS in Oracle Database Server. A remote authenticated user can exploit this vulnerability to crash the entire system.


Mitigation

Install updates from vendor's website.


Vulnerable software versions

Oracle Database Server: 12.1.0.2, 12.2.0.1, 18c, 19c

