CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-2734

Vulnerability in the RDBMS/Optimizer component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_SQLTUNE privilege with network access via Oracle Net to compromise RDBMS/Optimizer. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS/Optimizer accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.1%

CVSS Severity

CVSS v3 Score 2.4

CVSS v2 Score 3.5

References

Products affected by CVE-2020-2734

Oracle » Database Server » Version: 12.1.0.2

cpe:2.3:a:oracle:database_server:12.1.0.2
Oracle » Database Server » Version: 12.2.0.1

cpe:2.3:a:oracle:database_server:12.2.0.1
Oracle » Database Server » Version: 18c

cpe:2.3:a:oracle:database_server:18c
Oracle » Database Server » Version: 19c

cpe:2.3:a:oracle:database_server:19c

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-2734

Products

Pricing

Contact Us