CVE-2019-2749

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c

Description The issue is related to insufficient access control in the Java VM component, allowing a low-privileged attacker with Create Session and Create Procedure privileges and network access via multiple protocols to compromise the Java VM. This can result in unauthorized access to critical data, including creation, deletion, or modification of data, as well as the ability to cause a hang or crash of the Java VM.

Recommendations For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, consider restricting access to the Java VM component to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the Create Session and Create Procedure privileges for low-privileged users to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.