CVE-2018-3299

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, and 12.2.0.1

Description The issue is related to insufficient access control in the Oracle Text component of Oracle Database Server. It allows a remote attacker to modify, add, or delete data, or cause a denial of service. Successful attacks require human interaction and can significantly impact additional products, resulting in unauthorized access to data and potential crashes of Oracle Text.

Recommendations For version 11.2.0.4, update to a newer version that includes the fix for this issue. For version 12.1.0.2, update to a newer version that includes the fix for this issue. For version 12.2.0.1, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Oracle Text component to minimize the risk of exploitation.