Vulnerability Name:
CVE-2020-2978 (CCN-185213)
Assigned:
2019-12-10
Published:
2020-07-14
Updated:
2023-05-05
Summary:
An unspecified vulnerability in the DBA role account component of Oracle Database - Enterprise Edition could allow an authenticated attacker to cause a low integrity impact, with no confidentiality impact and no availability impact.
CVSS v3 Severity:
4.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N)
3.6 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availability (A):
None
4.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N)
3.6 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availability (A):
None
CVSS v2 Severity:
4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availability (A):
None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availability (A):
None
Vulnerability Consequences:
Other
References:
Source: MITRE
Type: CNA
CVE-2020-2978
Source: secalert_us@oracle.com
Type: UNKNOWN
secalert_us@oracle.com
Source: secalert_us@oracle.com
Type: Exploit, Third Party Advisory
secalert_us@oracle.com
Source: XF
Type: UNKNOWN
oracle-cpujul2020-cve20202978(185213)
Source: CCN
Type: IBM Security Bulletin 6349115 (Emptoris Contract Management)
Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management
Source: CCN
Type: IBM Security Bulletin 6349117 (Emptoris Strategic Supply Management)
Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform
Source: CCN
Type: IBM Security Bulletin 6349119 (Emptoris Supplier Lifecycle Management)
Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt
Source: CCN
Type: IBM Security Bulletin 6349121 (Emptoris Sourcing)
Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing
Source: CCN
Type: IBM Security Bulletin 6349123 (Emptoris Program Management)
Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management
Source: CCN
Type: IBM Security Bulletin 6454587 (Security Identity Manager)
Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance
Source: CCN
Type: Oracle CPUJul2020
Oracle Critical Patch Update Advisory - July 2020
Source: secalert_us@oracle.com
Type: Patch, Vendor Advisory
secalert_us@oracle.com
Vulnerable Configuration:
Configuration CCN 1:
cpe:/a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
OR
cpe:/a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
OR
cpe:/a:oracle:database_server:18:*:*:*:*:*:*:*
OR
cpe:/a:oracle:database_server:19c:*:*:*:*:*:*:*
AND
cpe:/a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_contract_management:10.1.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_sourcing:10.1.3:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_contract_management:10.1.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_contract_management:10.1.3:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_program_management:10.1.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_program_management:10.1.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_program_management:10.1.3:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.3:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:emptoris_strategic_supply_management:10.1.3:*:*:*:*:*:*:*
OR
cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.2:*:*:*:*:*:*:*
OR
cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:security_identity_manager:7.0.2:*:*:*:*:*:*:*
oracle database server 12.1.0.2
oracle database server 12.2.0.1
oracle database server 18
oracle database server 19c
ibm emptoris sourcing 10.1.0
ibm emptoris sourcing 10.1.1
ibm emptoris contract management 10.1.0
ibm emptoris sourcing 10.1.3
ibm emptoris contract management 10.1.1
ibm emptoris contract management 10.1.3
ibm emptoris program management 10.1.0
ibm emptoris program management 10.1.1
ibm emptoris program management 10.1.3
ibm emptoris supplier lifecycle management 10.1.0
ibm emptoris supplier lifecycle management 10.1.1
ibm emptoris supplier lifecycle management 10.1.3
ibm emptoris strategic supply management 10.1.0
ibm emptoris strategic supply management 10.1.1
ibm emptoris strategic supply management 10.1.3
ibm security identity manager virtual appliance 7.0.2
ibm security identity manager virtual appliance 7.0.1
ibm security identity manager 7.0.2