The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2020-2968

CVE-2020-2968: Oracle Database Java VM Privilege Escalation

CVE-2020-2968 is a privilege escalation vulnerability in Oracle Database Server's Java VM component that can result in complete system takeover. This article covers technical details, affected versions, and mitigation.

Published: March 4, 2026

CVE-2020-2968 Overview

CVE-2020-2968 is a vulnerability in the Java VM component of Oracle Database Server. This difficult to exploit vulnerability allows a low privileged attacker with Create Session and Create Procedure privileges and network access via multiple protocols to compromise the Java VM component. Successful exploitation requires human interaction from a person other than the attacker, and while the vulnerability exists within Java VM, attacks may significantly impact additional products beyond the vulnerable component. Complete takeover of the Java VM is possible upon successful exploitation.

Critical Impact

Successful attacks of this vulnerability can result in complete takeover of the Java VM component, with full confidentiality, integrity, and availability impacts that may extend to additional products.

Affected Products

  • Oracle Database Server 11.2.0.4
  • Oracle Database Server 12.1.0.2
  • Oracle Database Server 12.2.0.1
  • Oracle Database Server 18c
  • Oracle Database Server 19c

Discovery Timeline

  • 2020-07-15 - CVE-2020-2968 published to NVD
  • 2024-11-21 - Last updated in NVD database

Technical Details for CVE-2020-2968

Vulnerability Analysis

This vulnerability resides within the Java VM component of Oracle Database Server, which provides Java execution capabilities within the database environment. The Java VM enables stored procedures, triggers, and other database objects to be written in Java, providing extended functionality but also introducing additional attack surface.

The vulnerability requires an attacker to possess specific database privileges, namely Create Session and Create Procedure. These privileges, while not administrative, are commonly granted to application accounts and developers. The scope change indicated in this vulnerability means that successful exploitation can impact resources beyond the vulnerable Java VM component, potentially affecting the underlying database system or other integrated components.

Human interaction is required for successful exploitation, suggesting this may involve a social engineering element or require a privileged user to execute attacker-controlled code. The network-based attack vector combined with the high complexity rating indicates that exploitation, while remotely possible, requires specific conditions and careful orchestration.

Root Cause

The specific root cause has not been publicly disclosed by Oracle beyond the indication that the vulnerability exists within the Java VM component. Based on the vulnerability characteristics, it likely involves improper handling of privileges or insufficient isolation between the Java VM execution environment and underlying database resources. The scope change impact suggests a potential sandbox escape or privilege boundary violation within the Java execution context.

Attack Vector

Exploitation of CVE-2020-2968 requires the following conditions:

  1. Network Access: The attacker must have network connectivity to the Oracle Database Server through one of its supported protocols
  2. Database Privileges: The attacker needs a database account with Create Session and Create Procedure privileges
  3. Human Interaction: A user other than the attacker must perform some action to trigger the vulnerability
  4. Protocol Access: Multiple database protocols may serve as attack vectors

The attack chain likely involves creating a malicious stored procedure or Java object that, when executed by another user with higher privileges, enables the attacker to escape the Java VM sandbox and compromise the component. The changed scope indicates the compromise can cascade beyond the Java VM to affect database integrity, confidentiality, and availability.

Detection Methods for CVE-2020-2968

Indicators of Compromise

  • Unusual Java stored procedure creation activity, particularly from accounts not typically creating Java objects
  • Unexpected execution of Java code within the database by privileged users shortly after procedure creation by lower-privileged accounts
  • Anomalous network connections from Oracle Database Server processes to external systems
  • Evidence of privilege escalation attempts or unauthorized access to database objects

Detection Strategies

  • Monitor Oracle audit logs for Create Procedure events, particularly those involving Java-based stored procedures
  • Implement database activity monitoring to track execution patterns of Java stored procedures
  • Configure alerting for privilege escalation patterns where low-privileged account actions precede high-privileged account activities on the same objects
  • Review database connection logs for unusual access patterns to the Java VM component

Monitoring Recommendations

  • Enable Oracle Database Vault to monitor and restrict sensitive operations within the Java VM
  • Deploy network-based detection for anomalous Oracle protocol traffic patterns
  • Implement SentinelOne Singularity Platform to detect exploitation attempts and post-compromise behaviors on database server hosts
  • Regularly audit database accounts with Create Session and Create Procedure privileges to ensure least privilege principles

How to Mitigate CVE-2020-2968

Immediate Actions Required

  • Apply the Oracle Critical Patch Update (CPU) from July 2020 that addresses this vulnerability
  • Audit and restrict accounts with Create Session and Create Procedure privileges to only those that require them
  • Consider disabling the Java VM component if not required for business operations
  • Implement network segmentation to limit which systems can access the Oracle Database Server

Patch Information

Oracle has released security patches addressing this vulnerability as part of the July 2020 Critical Patch Update. Organizations should apply the appropriate patch for their Oracle Database Server version:

  • Version 11.2.0.4: Apply July 2020 CPU patch
  • Version 12.1.0.2: Apply July 2020 CPU patch
  • Version 12.2.0.1: Apply July 2020 CPU patch
  • Version 18c: Apply July 2020 CPU patch
  • Version 19c: Apply July 2020 CPU patch

Consult My Oracle Support for specific patch numbers and installation procedures for your environment.

Workarounds

  • Revoke Create Procedure privilege from accounts that do not require Java stored procedure capabilities
  • Disable the Java VM component in Oracle Database if not required using DBMS_JAVA_DEV package restrictions
  • Implement Oracle Database Vault to create realms protecting Java-related objects and procedures
  • Use Oracle Virtual Private Database (VPD) policies to add additional access controls around sensitive Java components
bash
# Example: Query accounts with Create Procedure privilege for audit
sqlplus / as sysdba <<EOF
SELECT grantee, privilege 
FROM dba_sys_privs 
WHERE privilege IN ('CREATE SESSION', 'CREATE PROCEDURE')
ORDER BY grantee;
EOF

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypePrivilege Escalation
  • Vendor/TechOracle Database
  • SeverityHIGH
  • CVSS Score8.0
  • EPSS Probability1.71%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Impact Assessment
  • ConfidentialityHigh
  • IntegrityHigh
  • AvailabilityHigh
  • CWE References
  • NVD-CWE-noinfo
  • Vendor Resources
  • Oracle Security Alert July 2020
  • Related CVEs
  • CVE-2025-30751: Oracle Database Privilege Escalation Flaw
  • CVE-2025-50066: Oracle Database Privilege Escalation Flaw
  • CVE-2024-20903: Oracle Database Privilege Escalation Flaw
  • CVE-2024-21184: Oracle Database Privilege Escalation
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English