CVE-2018-3110

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18

Description A vulnerability was discovered in the Java VM component of Oracle Database Server. The issue is related to inadequate access control. This easily exploitable vulnerability allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromise the Java VM. Successful attacks can result in the takeover of the Java VM. The vulnerability may significantly impact additional products.

Recommendations For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, and 18, consider restricting access to the Java VM component to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the use of Oracle Net for remote access to the Java VM until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.