CVE-2019-2956

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, 19c

Description The issue is related to the Core RDBMS (jackson-databind) component of Oracle Database Server, where an easily exploitable vulnerability allows a low-privileged attacker with Create Session privilege and network access via multiple protocols to compromise the component. Successful attacks require human interaction from a person other than the attacker and can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the Core RDBMS (jackson-databind).

Recommendations For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, at the moment, there is no information about a newer version that contains a fix for this vulnerability.