CVE-2017-3240

Name of the Vulnerable Software and Affected Versions Oracle Database Server version 12.1.0.2

Description The issue is related to the RDBMS Security component of Oracle Database Server, where an easily exploitable vulnerability allows a low-privileged attacker with local logon privilege to compromise RDBMS Security. This can result in unauthorized read access to a subset of RDBMS Security accessible data. The vulnerability is associated with a lack of protection for service data.

Recommendations For version 12.1.0.2, update to a version that includes a fix for this issue to prevent unauthorized read access to RDBMS Security data. As a temporary workaround, consider restricting access to the RDBMS Security component to minimize the risk of exploitation.