CVE# | Component | Package and/or Privilege Required | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) | Supported Versions Affected | Notes | ||||||||
Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confid- entiality | Inte- grity | Avail- ability | |||||||
CVE-2016-1000031 | MapViewer (Apache Commons FileUpload) | Valid User Account | HTTP | No | 8.8 | Network | Low | Low | None | Un- changed | High | High | High | 12.2.0.1, 18c, 19c | See Note 1 |
CVE-2020-2968 | Java VM | Create Session, Create Procedure | Multiple | No | 8.0 | Network | High | Low | Required | Changed | High | High | High | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | |
CVE-2016-9843 | Core RDBMS (zlib) | Create Session | Oracle Net | No | 7.2 | Network | Low | High | None | Un- changed | High | High | High | 18c | |
CVE-2020-2969 | Data Pump | DBA role account | Oracle Net | No | 6.6 | Network | High | High | None | Un- changed | High | High | High | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | |
CVE-2020-8112 | GeoRaster (OpenJPG) | Create Session | Oracle Net | No | 5.7 | Network | Low | Low | Required | Un- changed | None | None | High | 18c | |
CVE-2020-2513 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2971 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2972 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2973 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2974 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2976 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2975 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2019-17569 | Workload Manager (Apache Tomcat) | None | HTTP | Yes | 4.8 | Network | High | None | None | Un- changed | Low | Low | None | 12.2.0.1, 18c, 19c | |
CVE-2020-2977 | Oracle Application Express | Valid User Account | HTTP | No | 4.6 | Network | Low | Low | Required | Un- changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2978 | Oracle Database - Enterprise Edition | DBA role account | Oracle Net | No | 4.1 | Network | Low | High | None | Changed | None | Low | None | 12.1.0.2, 12.2.0.1, 18c, 19c | |
CVE-2019-13990 | MapViewer (Terracotta Quartz Scheduler, Apache Batik, Google Guava) | Local Logon | None | No | 0.0 | Local | Low | Low | Required | Un- changed | None | None | None | 12.2.0.1, 18c, 19c | See Note 2 |
CVE-2018-18314 | Oracle Database (Perl) | Local Logon | None | No | 0.0 | Local | High | High | None | Un- changed | None | None | None | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | See Note 3 |
CVE-2019-10086 | Spatial Studio (Apache Commons Beanutils) | Local Logon | None | No | 0.0 | Local | Low | Low | None | Un- changed | None | None | None | Spatial Studio: Prior to 19.2.1 | See Note 4 |
CVE-2019-16943 | TFA (jackson-databind) | Local Logon | None | No | 0.0 | Local | High | High | None | Un- changed | None | None | None | 12.2.0.1, 18c, 19c | See Note 5 |
CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) | Supported Versions Affected | Notes | ||||||||
Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confid- entiality | Inte- grity | Avail- ability | |||||||
CVE-2020-14705 | Oracle GoldenGate | Process Management | TCP | Yes | 9.6 | Adjacent Network | Low | None | None | Changed | High | High | High | Prior to 19.1.0.0.0 | |
CVE-2019-0222 | GoldenGate Stream Analytics | Security (ActiveMQ) | TCP | No | 6.5 | Network | Low | Low | None | Un- changed | None | None | High | Prior to 19.1.0.0.1 | |
CVE-2019-14379 | GoldenGate Stream Analytics | Security / Application Adapters (jackson-databind, SLF4J, ZooKeeper, Apache Spark) | None | No | 0.0 | Local | Low | Low | None | Un- changed | None | None | None | Prior to 19.1.0.0.1 | See Note 1 |
欢迎光临 重庆思庄Oracle、Redhat认证学习论坛 (http://bbs.cqsztech.com/) | Powered by Discuz! X3.2 |