CVE-2020-2569

Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).

CVSS v3 3.9 LOW
CVSS v2.0 3.3 LOW

3.9^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.3 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.oracle.com/security-alerts/cpujan2020.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:applications_dba:11.2.0.4:::::::*
	cpe:2.3:a:oracle:applications_dba:12.1.0.2:::::::*
	cpe:2.3:a:oracle:applications_dba:12.2.0.1:::::::*
	cpe:2.3:a:oracle:applications_dba:18c:::::::*
	cpe:2.3:a:oracle:applications_dba:19c:::::::*

History

28 Jul 2022, 14:32

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:applications_dba:12.1.0.2:::::::* cpe:2.3:a:oracle:applications_dba:11.2.0.4:::::::*

Information

Published : 2020-01-15 17:15

Updated : 2023-12-10 13:13

NVD link : CVE-2020-2569

Mitre link : CVE-2020-2569

CVE.ORG link : CVE-2020-2569

JSON object : View

Products Affected

oracle

applications_dba

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-2569", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 1.3}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 1.3}]}, "published": "2020-01-15T17:15:18.253", "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)."}, {"lang": "es", "value": "Vulnerabilidad en el componente DBA de Oracle Applications de Oracle Database Server. Las versiones compatibles que se ven afectadas son 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c y 19c. La vulnerabilidad f\u00e1cilmente explotable permite que el atacante con pocos privilegios tenga privilegios de inicio de sesi\u00f3n local con el inicio de sesi\u00f3n en la infraestructura donde se ejecuta Oracle Applications DBA para comprometer Oracle Applications DBA. Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona que no sea el atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Applications DBA y la capacidad no autorizada de causar una denegaci\u00f3n parcial de servicio (parcial de DOS) de Oracle Applications DBA. Puntaje b\u00e1sico de CVSS 3.0 3.9 (impactos de integridad y disponibilidad). Vector CVSS: (CVSS: 3.0 / AV: L / AC: L / PR: L / UI: R / S: U / C: N / I: L / A: L)."}], "lastModified": "2022-07-28T14:32:27.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:applications_dba:11.2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "720E114A-3FA1-4E49-B552-CC9039137EAA"}, {"criteria": "cpe:2.3:a:oracle:applications_dba:12.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F124015D-CFA4-46EB-8012-1AB082071C94"}, {"criteria": "cpe:2.3:a:oracle:applications_dba:12.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B878C8ED-DA6C-44D0-BCA6-985C643353C4"}, {"criteria": "cpe:2.3:a:oracle:applications_dba:18c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72C620C9-D87A-4890-8EDB-E952F6DF7F6E"}, {"criteria": "cpe:2.3:a:oracle:applications_dba:19c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4164865-E582-4700-96FA-638E38066C03"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}