Oracle is urging users to patch their Oracle Database installations to plug a critical security issue that can result in complete compromise of the Oracle Database and shell access to the underlying server.
About the vulnerability (CVE-2018-3110)
The vulnerability (CVE-2018-3110) affects Oracle Database versions 22.214.171.124 and 126.96.36.199 on Windows and is apparently easy to exploit, but can only be exploited remotely by an authenticated attacker.
The vulnerability is in the Java Virtual Machine component of Oracle Database Server. It requires no user interaction and allows attackers that have Create Session privilege with network access via Oracle Net to compromise the component.
Leave a reply