{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Oracle Database Server 11.2.0.4 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Application Express 20.x versions ant\u00e9rieures \u00e0 20.2","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Database Server 19c sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Database Server 18c sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Database Server 12.2.0.1 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Database Server 12.1.0.2 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-14899","url":"https://www.cve.org/CVERecord?id=CVE-2020-14899"},{"name":"CVE-2020-14900","url":"https://www.cve.org/CVERecord?id=CVE-2020-14900"},{"name":"CVE-2020-14736","url":"https://www.cve.org/CVERecord?id=CVE-2020-14736"},{"name":"CVE-2020-14763","url":"https://www.cve.org/CVERecord?id=CVE-2020-14763"},{"name":"CVE-2020-14734","url":"https://www.cve.org/CVERecord?id=CVE-2020-14734"},{"name":"CVE-2020-14735","url":"https://www.cve.org/CVERecord?id=CVE-2020-14735"},{"name":"CVE-2020-13935","url":"https://www.cve.org/CVERecord?id=CVE-2020-13935"},{"name":"CVE-2020-14742","url":"https://www.cve.org/CVERecord?id=CVE-2020-14742"},{"name":"CVE-2019-12900","url":"https://www.cve.org/CVERecord?id=CVE-2019-12900"},{"name":"CVE-2020-14743","url":"https://www.cve.org/CVERecord?id=CVE-2020-14743"},{"name":"CVE-2020-14901","url":"https://www.cve.org/CVERecord?id=CVE-2020-14901"},{"name":"CVE-2020-14740","url":"https://www.cve.org/CVERecord?id=CVE-2020-14740"},{"name":"CVE-2020-14762","url":"https://www.cve.org/CVERecord?id=CVE-2020-14762"},{"name":"CVE-2020-14741","url":"https://www.cve.org/CVERecord?id=CVE-2020-14741"},{"name":"CVE-2020-14898","url":"https://www.cve.org/CVERecord?id=CVE-2020-14898"},{"name":"CVE-2020-9281","url":"https://www.cve.org/CVERecord?id=CVE-2020-9281"},{"name":"CVE-2020-11023","url":"https://www.cve.org/CVERecord?id=CVE-2020-11023"}],"links":[],"reference":"CERTFR-2020-AVI-662","revisions":[{"description":"Version initiale","revision_date":"2020-10-21T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es. Cet avis ne liste\npas les CVE pour lesquelles l'\u00e9diteur consid\u00e8re qu'elles ne sont pas\nexploitables dans le contexte d'ex\u00e9cution du produit.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Oracle CPUOct2020 du 20 octobre 2020","url":"https://www.oracle.com/security-alerts/cpuoct2020verbose.html"}]}