Oracle SQL Developer
By the Year
In 2023 there has been 1 vulnerability in Oracle SQL Developer, with an average score of 6.7 out of ten. SQL Developer did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2023 than in all of last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 1 | 6.70 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 5.90 |
| 2020 | 2 | 4.05 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new SQL Developer vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Oracle SQL Developer Security Vulnerabilities
Vulnerability in Oracle SQL Developer (component: Installation)
CVE-2023-21969
6.7 - Medium
- April 18, 2023
Vulnerability in Oracle SQL Developer (component: Installation). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer. Successful attacks of this vulnerability can result in takeover of Oracle SQL Developer. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect
CVE-2021-45105
5.9 - Medium
- December 18, 2021
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Improper Input Validation
Apache HttpClient versions prior to version 4.5.13 and 5.0.3
CVE-2020-13956
5.3 - Medium
- December 02, 2020
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Vulnerability in the SQL Developer Install component of Oracle Database Server
CVE-2020-14740
2.8 - Low
- October 21, 2020
Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the infrastructure where SQL Developer Install executes to compromise SQL Developer Install. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of SQL Developer Install accessible data. CVSS 3.1 Base Score 2.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).