CVE-2020-14740
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/10/2020
Last modified:
23/10/2020
Description
Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the infrastructure where SQL Developer Install executes to compromise SQL Developer Install. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of SQL Developer Install accessible data. CVSS 3.1 Base Score 2.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).
Impact
Base Score 3.x
2.80
Severity 3.x
LOW
Base Score 2.0
1.90
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oracle:sql_developer:11.2.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:sql_developer:12.1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:sql_developer:12.2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:sql_developer:18c:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page