The vulnerability of the Oracle Application Express Group Calendar component of the Oracle Database Server database management system allows attackers to compromise the confidentiality and integrity of the protected information.

🗓️ 02 Nov 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 6 Views

The Oracle Application Express Group Calendar vulnerability allows input validation flaws to expose confidentiality and integrity through web protocol.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2020-14900	21 Oct 202019:04	–	circl
CNVD	Oracle Database Server Information Disclosure Vulnerability	22 Oct 202000:00	–	cnvd
CVE	CVE-2020-14900	21 Oct 202014:04	–	cve
Cvelist	CVE-2020-14900	21 Oct 202014:04	–	cvelist
EUVD	EUVD-2020-7036	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in Oracle Database Server	21 Oct 202000:00	–	ncsc
NVD	CVE-2020-14900	21 Oct 202015:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - October 2020	20 Oct 202000:00	–	oracle
Tenable Nessus	Oracle Database Server Multiple Vulnerabilities (Oct 2020 CPU)	23 Oct 202000:00	–	nessus
Prion	Design/Logic Flaw	21 Oct 202015:15	–	prion

Vulners

Node

oracle databaseRange<20.2

Source	Link
oracle	www.oracle.com/security-alerts/cpuoct2020.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2020102103
web	www.web.nvd.nist.gov/view/vuln/detail

02 Nov 2020 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 35.4

CVSS 25.5

EPSS0.0069

oracle database server application express group calendar input validation web protocol confidentiality exposure integrity risk