Platform
oracle
Component
core-rdbms
Fixed in
12.1.1
12.2.1
18.0.1
19.0.1
CVE-2020-2731 is a vulnerability in the Core RDBMS component of Oracle Database Server. Oracle rates it easily exploitable: a low-privileged attacker who already holds Local Logon privilege, that is, an operating-system logon on the host where the database runs, can use it to compromise Core RDBMS, resulting in unauthorized modification of some Core RDBMS data and a partial denial of service. The affected supported versions are 12.1.0.2, 12.2.0.1, 18c, and 19c. Oracle delivered the fix in its January 2020 Critical Patch Update, as a Release Update or Patch Set Update for each affected release line; there is no single "fixed version" to upgrade to.
Successful exploitation gives an attacker with a local logon on the database host unauthorized update, insert, or delete access to some of the data the Core RDBMS holds, together with the ability to cause a partial denial of service that can disrupt database operations. The impact is bounded (some data, partial loss of availability, and the attacker must already be on the host), which is why the severity is low, but on hosts that are shared with application or batch accounts the local-logon precondition is often already met, so the flaw deserves attention where sensitive data is stored.
CVE-2020-2731 was publicly disclosed on January 15, 2020. The CVSS base score is LOW (3.9); the low score reflects the local-access precondition and the partial impacts, not any difficulty in exploitation. There are no known active campaigns targeting this vulnerability, and no public proof-of-concept exploit has been reported.
Exploit Status
EPSS: 0.13% (33rd percentile)
CVSS Vector:
The primary mitigation for CVE-2020-2731 is to apply the January 2020 Critical Patch Update for your release line (the Database Release Update for 19c, 18c and 12.2.0.1, or the Patch Set Update for 12.1.0.2). Oracle's database patches are cumulative, so any later Release Update or Patch Set Update also contains the fix; a host whose Oracle Home carries no Database RU/PSU dated 14 January 2020 or later is exposed. If patching cannot happen immediately, reduce the attacker's precondition instead: the flaw requires an operating-system logon on the database host, so limit interactive access to that host to the DBAs who need it, move application and batch accounts off it where possible, and review who belongs to the Oracle OS groups. Monitoring database activity (for example, auditing local connections and DML against sensitive tables) helps detect misuse but does not close the hole. Oracle published no workaround, so regular patching and access reviews remain the controls that matter. After patching, confirm the fix from the patch inventory rather than by trying to reproduce the issue, since no public exploit exists: check the output of opatch lspatches for the Oracle Home and the rows in DBA_REGISTRY_SQLPATCH in each database for a January 2020 (or later) Release Update or Patch Set Update, and make sure every Oracle Home and every database on the host has been covered, not just one.
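The patch-inventory check and the local-logon review described above, as an added shell example (this is not code from the page or from Oracle). It assumes that opatch lspatches prints one patch per line as "<patch_id>;<description>", that Oracle Database RU/PSU/Bundle Patch descriptions end in "<version>.<YYMMDD> (<patch_id>)", and that the DBA OS groups are named dba and oinstall. The opatch listings and the /etc/group excerpt it runs against are constructed samples with illustrative patch IDs.

```shell
#!/bin/sh
# Added example, not code from the page or from Oracle. Two checks for the
# CVE-2020-2731 mitigations: (1) does this Oracle Home carry a Database
# Release Update / Patch Set Update / Bundle Patch dated 14 January 2020 or
# later, which is how the January 2020 CPU fix ships, and (2) which OS
# accounts sit in the DBA OS groups and so already have the "Local Logon"
# foothold the vulnerability needs.
# Assumptions: `opatch lspatches` output is "<patch_id>;<description>" per
# line, RU/PSU/BP descriptions end in "<version>.<YYMMDD> (<patch_id>)",
# and the DBA OS groups are named "dba" and "oinstall".

# Constructed `opatch lspatches` listings (patch IDs are illustrative).
OPATCH_PATCHED='30557433;Database Release Update : 19.6.0.0.200114 (30557433)
30484981;OJVM RELEASE UPDATE: 19.6.0.0.200114 (30484981)
29585399;OCW RELEASE UPDATE 19.3.0.0.0 (29585399)'

OPATCH_UNPATCHED='30125133;Database Release Update : 19.5.0.0.191015 (30125133)
29585399;OCW RELEASE UPDATE 19.3.0.0.0 (29585399)'

# Print the YYMMDD date of the newest Database RU/PSU/BP in a listing.
# OJVM and OCW patches are deliberately ignored: they do not carry this fix.
db_patch_date() {
    printf '%s\n' "$1" \
      | grep -Ei '^[0-9]+;(database release update|database patch set update|windows db bundle patch)' \
      | sed -E 's/.*\.([0-9]{6}) \([0-9]+\)$/\1/' \
      | grep -E '^[0-9]{6}$' \
      | sort -n | tail -n 1
}

# Exit 0 when the Home is at a Database RU/PSU/BP of 14-Jan-2020 or later.
# Later RUs (e.g. 200414) are cumulative and include the January fix, so
# the comparison is ">=" rather than "==".
cve_2020_2731_patched() {
    d=$(db_patch_date "$1")
    [ -n "$d" ] && [ "$d" -ge 200114 ]
}

# Constructed /etc/group excerpt.
GROUP_FILE='root:x:0:
oinstall:x:54321:oracle,appdeploy
dba:x:54322:oracle,jsmith
users:x:100:'

# Print, one per line, the supplementary members of group $1 found in the
# /etc/group text $2. Accounts whose *primary* group is dba/oinstall are not
# listed in /etc/group; cross-check /etc/passwd for those separately.
group_members() {
    printf '%s\n' "$2" | awk -F: -v g="$1" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }'
}

# Comma-separated, de-duplicated list of accounts in the Oracle OS groups:
# the local-logon population to review until the patch is applied.
dba_os_accounts() {
    { group_members dba "$1"; group_members oinstall "$1"; } | sort -u | paste -s -d ',' -
}

# Stand-alone run against the constructed samples.
for listing in "$OPATCH_PATCHED" "$OPATCH_UNPATCHED"; do
    if cve_2020_2731_patched "$listing"; then
        echo "Home at $(db_patch_date "$listing"): January 2020 CPU (or later) present"
    else
        echo "Home at $(db_patch_date "$listing"): NOT patched for CVE-2020-2731, apply the January 2020 RU/PSU"
    fi
done
echo "Accounts with local DBA-group access: $(dba_os_accounts "$GROUP_FILE")"
```

On a real host, feed the functions live data: cve_2020_2731_patched "$("$ORACLE_HOME"/OPatch/opatch lspatches)" and dba_os_accounts "$(cat /etc/group)". The Home-level check is necessary but not sufficient: the SQL part of a Release Update is applied per database by datapatch, so also confirm the corresponding row in DBA_REGISTRY_SQLPATCH in every database opened from that Home.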
Apply the patch Oracle provides in the January 2020 Critical Patch Update to fix the vulnerability in the Core RDBMS component. See Oracle's security advisory for details and specific instructions on applying the patch.
CVE-2020-2731 is a LOW severity vulnerability in Oracle Database Server that lets an attacker with an operating-system logon on the database host compromise the Core RDBMS, modify some of its data, and cause a partial denial of service.
You are affected if you run Oracle Database Server 12.1.0.2, 12.2.0.1, 18c, or 19c and have not applied the January 2020 Critical Patch Update or a later cumulative Release Update or Patch Set Update.
Apply the January 2020 Critical Patch Update for your release line to remediate the vulnerability. As an interim measure, restrict operating-system logon to the database host to the accounts that need it.
There are no known active campaigns targeting this specific vulnerability, but the ease of exploitation warrants attention.
Refer to Oracle's Critical Patch Update advisory for CVE-2020-2731: https://www.oracle.com/security-alerts/cpuapr2020.html