// For flags

CVE-2020-14740

 

Severity Score

2.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the infrastructure where SQL Developer Install executes to compromise SQL Developer Install. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of SQL Developer Install accessible data. CVSS 3.1 Base Score 2.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).

Vulnerabilidad en el componente SQL Developer Install de Oracle Database Server. Las versiones compatibles que están afectadas son 11.2.0.4, 12.1.0.2, 12.2.0.1 y 18c. Una vulnerabilidad explotable fácilmente permite a un atacante poco privilegiado que tenga privilegio de Client Computer User Account con inicio de sesión en la infraestructura donde se ejecuta SQL Developer Install para comprometer a SQL Developer Install. Los ataques con éxito requieren la interacción humana de una persona diferente del atacante. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de SQL Developer Install. CVSS 3.1 Puntuación Base 2.8 (Impactos de la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-06-19 CVE Reserved
  • 2020-10-21 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://www.oracle.com/security-alerts/cpuoct2020.html 2020-10-23
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
 Sql Developer
Search vendor "Oracle" for product "Sql Developer"
 11.2.0.4
Search vendor "Oracle" for product "Sql Developer" and version "11.2.0.4"
-
Affected
Oracle
Search vendor "Oracle"
 Sql Developer
Search vendor "Oracle" for product "Sql Developer"
 12.1.0.2
Search vendor "Oracle" for product "Sql Developer" and version "12.1.0.2"
-
Affected
Oracle
Search vendor "Oracle"
 Sql Developer
Search vendor "Oracle" for product "Sql Developer"
 12.2.0.1
Search vendor "Oracle" for product "Sql Developer" and version "12.2.0.1"
-
Affected
Oracle
Search vendor "Oracle"
 Sql Developer
Search vendor "Oracle" for product "Sql Developer"
 18c
Search vendor "Oracle" for product "Sql Developer" and version "18c"
-
Affected