CVE-2019-2547

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c

Description The issue is related to the Java VM component of Oracle Database Server. It allows a low-privileged attacker with Create Session and Create Procedure privileges and network access via multiple protocols to compromise the Java VM. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized ability to cause a partial denial of service of the Java VM. The vulnerability can also potentially lead to the takeover of the Java VM.

Recommendations For versions 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c, consider restricting access to the Java VM component until a patch is available. As a temporary workaround, consider disabling the Java VM component to minimize the risk of exploitation. Restrict network access via multiple protocols to reduce the attack surface.