Security Alert (A18-08-04): Vulnerability in Oracle Database
14 August 2018
Oracle has released an advisory to address a vulnerability in Java VM component of Oracle Databases Server. An authenticated remote attacker can exploit the vulnerability via Oracle NET for complete compromise of the Oracle Database.
Oracle Database version 126.96.36.199, 188.8.131.52, 184.108.40.206, 18
Successful exploitation could lead to take control of an affected system.
Patches for affected systems are available. Users of the affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
For Oracle Database version 220.127.116.11 and 18.104.22.168 on Windows, please refer to the following link: http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
For Oracle Database version 22.214.171.124 on Windows or any version of the database on Linux or Unix, the corresponding patches has been included in the July 2018 Critical Patch Update (CPU). This CPU was covered in our security alert A18-07-06.
Users may contact their product support vendors for the fixes and assistance.