CVE-2019-2753

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, and 18c

Description The issue is related to the Oracle Text component of Oracle Database Server, where an easily exploitable vulnerability allows a low-privileged attacker with Create Session privilege and network access via OracleNet to compromise Oracle Text. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized read access to a subset of Oracle Text accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Text.

Recommendations For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, and 18c, update to a version that includes the fix for this issue to prevent unauthorized access and denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.