CVE-2019-2954

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c

Description The issue is related to the Core RDBMS component of Oracle Database Server, where an easily exploitable vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges to compromise the Core RDBMS. This requires human interaction from a person other than the attacker. Successful attacks can result in unauthorized access to Core RDBMS data, including update, insert, or delete capabilities, as well as the ability to cause a partial denial of service.

Recommendations For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c, consider restricting access to the Core RDBMS component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of users with Create Session and Create Procedure privileges to reduce the potential impact of the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.