First published: Wed Jul 15 2020(Updated: )
An unspecified vulnerability in Oracle Database - Enterprise Edition related to the DBA role account component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM ISIM VA | <=7.0.2 | |
IBM ISIM VA | <=7.0.1 | |
Oracle Database | =12.1.0.2 | |
Oracle Database | =12.2.0.1 | |
Oracle Database | =18c | |
Oracle Database | =19d |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-2978 is an unspecified vulnerability in Oracle Database - Enterprise Edition related to the DBA role account.
CVE-2020-2978 affects Oracle Database - Enterprise Edition versions 12.1.0.2, 12.2.0.1, 18c, and 19c.
The severity of CVE-2020-2978 is medium with a CVSS score of 4.1.
The vulnerability can be easily exploited by a high privileged attacker with the DBA role account privilege and network access via Oracle Database.
Yes, you can find references for CVE-2020-2978 [here](http://packetstormsecurity.com/files/172183/Oracle-RMAN-Missing-Auditing.html), [here](https://databasesecurityninja.wordpress.com/2020/12/01/cve-2020-2978-rman-audit-table-point-in-time-recovery-not-logged/), and [here](https://www.oracle.com/security-alerts/cpujul2020.html).