CVE-2020-2517 : Vulnerability in the Database Gateway for ODBC component of Oracle Database Serv

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L).

Published 2020-01-15 17:15:15

Updated 2021-02-25 20:43:51

Source Oracle

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-2517

Oracle » Database Server » Version: 11.2.0.4
cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 12.1.0.2
cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 12.2.0.1
cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 18C
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 19C
cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2020-2517

Top countries where our scanners detected CVE-2020-2517

Top open port discovered on systems with this issue 1521

IPs affected by CVE-2020-2517 32,330

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2020-2517!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2020-2517

EPSS FAQ

0.32%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-2517

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:N/AC:M/Au:S/C:N/I:P/A:P	6.8	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial
3.3	LOW	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L	0.7	2.5	Oracle
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: Low
3.3	LOW	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L	0.7	2.5	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: Low

References for CVE-2020-2517

https://www.oracle.com/security-alerts/cpujan2020.html

Oracle Critical Patch Update Advisory - January 2020
Patch;Vendor Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2021/Feb/13

Full Disclosure: Oracle DB: various issues related to malicious database gateways
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-2517

Products affected by CVE-2020-2517

Threat overview for CVE-2020-2517

Exploit prediction scoring system (EPSS) score for CVE-2020-2517

CVSS scores for CVE-2020-2517

References for CVE-2020-2517