CVE-2020-2517 LOW

CVE-2020-2517

Vendor Oracle Corporation
Product Oracle Database
Published January 15, 2020
Last update September 30, 2024

CVSS base score

3.3/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L).

Key dates

02Disclosure timeline

January 15, 2020 CVE published
September 30, 2024 Record updated