CVE-2020-2735 : What You Need to Know

Learn about CVE-2020-2735 affecting Oracle Database Server Java VM component. Find out the impacted versions, exploitation risks, and mitigation steps to secure your system.

CVE-2020-2735 is a vulnerability in the Java VM component of Oracle Database Server that affects multiple versions.

Understanding CVE-2020-2735

What is CVE-2020-2735?

The vulnerability allows a low-privileged attacker to compromise the Java VM through Oracle Net, and a successful attack can potentially impact additional products.

The Impact of CVE-2020-2735

        CVSS 3.0 Base Score: 8.0 (Confidentiality, Integrity, and Availability impacts)
        Successful attacks can lead to a takeover of Java VM

Technical Details of CVE-2020-2735

Vulnerability Description

The vulnerability in the Java VM component of Oracle Database Server affects versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c.

Affected Systems and Versions

        Oracle Database versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c

Exploitation Mechanism

        Low-privileged attacker with the Create Session privilege, connecting via Oracle Net
        Human interaction required for successful attacks
        Potential impact on additional products

Mitigation and Prevention

Immediate Steps to Take

        Apply patches provided by Oracle
        Monitor Oracle's security alerts for updates

Long-Term Security Practices

        Restrict network access to Oracle Database
        Regularly review and update security configurations

Patching and Updates

        Regularly update Oracle Database to the latest versions for security enhancements
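
To check a database against the conditions listed above (Java VM component installed, accounts holding Create Session, patch state), a DBA can run queries like the following. This is an added example, not taken from Oracle's advisory or the original page; it uses the standard data dictionary views DBA_REGISTRY, DBA_USERS, DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_REGISTRY_SQLPATCH and DBA_REGISTRY_HISTORY, and assumes a session with read access to them.

```sql
-- 1. Is the Java VM component installed, and at which version?
--    No row returned means the component is not present in this database.
SELECT comp_id, comp_name, version, status
FROM   dba_registry
WHERE  comp_id = 'JAVAVM';

-- 2. Database release, to compare with the affected versions
--    (11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c).
SELECT banner FROM v$version;

-- 3. Open accounts that can log in: CREATE SESSION granted directly
--    or through a role. Only one level of role nesting is resolved here;
--    roles granted to roles need a further pass.
SELECT u.username, u.account_status, p.granted_via
FROM   dba_users u
JOIN  (SELECT grantee, 'DIRECT' AS granted_via
       FROM   dba_sys_privs
       WHERE  privilege = 'CREATE SESSION'
       UNION
       SELECT rp.grantee, 'ROLE ' || rp.granted_role
       FROM   dba_role_privs rp
       JOIN   dba_sys_privs sp ON sp.grantee = rp.granted_role
       WHERE  sp.privilege = 'CREATE SESSION') p
  ON   p.grantee = u.username
WHERE  u.account_status = 'OPEN'
ORDER  BY u.username;

-- 4a. Patch inventory as recorded in the database (12.1 and later).
--     Compare the result with the patch named in Oracle's advisory.
SELECT patch_id, action, status, action_time, description
FROM   dba_registry_sqlpatch
ORDER  BY action_time;

-- 4b. Patch history on 11.2.0.4, where DBA_REGISTRY_SQLPATCH does not exist.
SELECT action_time, action, version, id, comments
FROM   dba_registry_history
ORDER  BY action_time;
```

A version inside the affected list does not by itself mean the database is unpatched; the patch inventory in step 4 is what shows whether Oracle's fix has been applied.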
