1. Home
  2. CVE Database
  3. CVE-2020-14740
LOW · 2.8

CVE-2020-14740

Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows l...

Vulnerability Description

Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the infrastructure where SQL Developer Install executes to compromise SQL Developer Install. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of SQL Developer Install accessible data. CVSS 3.1 Base Score 2.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).

CVSS Score

2.8

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
OracleSql Developer11.2.0.4

References

FAQ

What is CVE-2020-14740?

CVE-2020-14740 is a vulnerability with a CVSS score of 2.8 (LOW). Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows l...

How severe is CVE-2020-14740?

CVE-2020-14740 has been rated LOW with a CVSS base score of 2.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14740?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Sql Developer.